[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Mapping userPassword to Kerberos 5



Today at 9:55am, Paul M Fleming wrote:

> --enable-kpasswd is a viable option in some environments. We don't allow
> users to directly bind to LDAP BUT we have some commercial applications
> that don't understand Kerberos directly but DO understand LDAP + SSL/TLS
> for authentication.

This is pretty much the same boat I'm in.  I have the added requirement
to allow people (users) to directly bind to LDAP, but I require they
have an SSL connection to do so (yes, I'm aware that they can try and
send their password in the clear across the net even though it won't be
successful).

F