* Paul M Fleming (pfleming@siumed.edu) wrote:
> I'm not a user of the Debian packages (use custom Redhat rpms) -- but my
> two cents.
Thanks, I appriciate the thought.
> --enable-kpasswd is a viable option in some environments. We don't allow
> users to directly bind to LDAP BUT we have some commercial applications
> that don't understand Kerberos directly but DO understand LDAP + SSL/TLS
> for authentication. Technically, this isn't a truly "kerberos" solution
> but we've decided that single signon is more important -- in our case we
> can control which apps / networks the App -> LDAP -> Kerberos
> authentication takes place. It isn't a perfect solution - I'd love to
> have all my apps speak native kerberos or gssapi but that's just not
> reality when you're trying to integrate a heterogeneous multi
> application environment.
What about using {SASL} instead of {KERBEROS}? I'm wondering if that
works, I'd think it would..
Stephen
Attachment:
pgpP96TMysdM2.pgp
Description: PGP signature