[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: OpenLDAP in Production
> -----Original Message-----
> From: dreamwvr@dreamwvr.com [mailto:dreamwvr@dreamwvr.com]
> On Wed, Feb 26, 2003 at 06:43:47AM -0800, Howard Chu wrote:
> > Sounds like that book is very much out of date. It's a
> shame, Addison-Wesley contacted me a year or two ago about
> writing an OpenLDAP book and I didn't have time to pursue it.
> One of these days...
> That is a shame I would have liked to read that_book.
> Do you have opinions on
> McMillan Technology Series
> "LDAP Programming Directory Enabled Applications with
> Lightweight Directory Access Protocol"
> By Timothy A Howes, Ph.D
> Mark C. Smith
I haven't read it. Of course, these are the same folks who brought you the
LDAP specification in the first place, so I'm sure it won't steer you wrong.
> I find it so far a long haul. But the hardest trips are
> usually the most
> rewarding IMHO. I was hoping to use OpenLDAP w/kerberos and
> client certs
> authenticating user accounts. So once I understand what is
> already working
> then I can code whatever I need otherwise. (This is perfect IMO.)
Hmmm... In general, Kerberos and certificate-based authentication are
separate systems. You might be talking about Kerberos with the PK-Init
extension, but that is still only an Internet Draft, not a finalized spec.
For the most part, you use either Kerberos, or certificates, but not both at
once.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support