[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Munging an OpenLDAP slapd server

To: man@mentata.com, OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject: Re: Munging an OpenLDAP slapd server
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 25 Jan 2006 15:49:42 -0800
Cc: "J.Lance Wilkinson, 814-865-1818" <JLW@psulias.psu.edu>
Content-disposition: inline
In-reply-to: <43D80204.1030209@jonanddeb.net>
References: <01LY6REE20IS8WWS4B@psulias.psu.edu> <920ECC3B43A3E9F80EC18C9A@[10.0.0.1]> <43D80204.1030209@jonanddeb.net>

--On Wednesday, January 25, 2006 3:56 PM -0700 Jon Roberts <jon@jonanddeb.net> wrote:

I think you could just use saslauthd to forward the password stuff to
the KDC, to get whether or not they can bind?


I have read about both approaches on this list before, but I've never
seen a comparison of the advantages or disadvantages. From what I recall,
Howard Chu refers to saslauthd as worthless even when configuring SASL.
What is the essential difference between having slapd, saslauthd, and/or
the client itself performing kerberos authentication?

I've never set it up, and from what I understand, it'll kill the performance of the server. The real problem here of course is applications requiring a password from the LDAP server rather than going straight to the KDC...

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Munging an OpenLDAP slapd server
  - From: "J.Lance Wilkinson, 814-865-1818" <JLW@psulias.psu.edu>
- Re: Munging an OpenLDAP slapd server
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: Munging an OpenLDAP slapd server
  - From: Jon Roberts <jon@jonanddeb.net>

Prev by Date: Re: Munging an OpenLDAP slapd server
Next by Date: VLV Control
Index(es):
- Chronological
- Thread