Re: Mapping userPassword to Kerberos 5

[Paul M Fleming <pfleming@siumed.edu>]

I haven't tried {SASL} .. It wasn't consider production quality when I
first built my system and I've been too busy to test it.. Any good
pointers to docs??



Stephen Frost wrote:
> 
> * Paul M Fleming (pfleming@siumed.edu) wrote:
> > I'm not a user of the Debian packages (use custom Redhat rpms) -- but my
> > two cents.
> 
> Thanks, I appriciate the thought.
> 
> > --enable-kpasswd is a viable option in some environments. We don't allow
> > users to directly bind to LDAP BUT we have some commercial applications
> > that don't understand Kerberos directly but DO understand LDAP + SSL/TLS
> > for authentication. Technically, this isn't a truly "kerberos" solution
> > but we've decided that single signon is more important -- in our case we
> > can control which apps / networks the App -> LDAP -> Kerberos
> > authentication takes place. It isn't a perfect solution - I'd love to
> > have all my apps speak native kerberos or gssapi but that's just not
> > reality when you're trying to integrate a heterogeneous multi
> > application environment.
> 
> What about using {SASL} instead of {KERBEROS}?  I'm wondering if that
> works, I'd think it would..
> 
>         Stephen
> 
>   ------------------------------------------------------------------------
>    Part 1.2Type: application/pgp-signature