[Gllug] LDAP and Kerberos
Simon Morris
simon.morris at cmtww.com
Tue Jan 31 15:02:36 UTC 2006
Dani Pardo wrote:
>
> Mm.. sounds like pam, but over the network and controlled via a
> central "brain" and based on tickets. Cool.
> I've readen that this protocol was written on the 80's, the v2 and v3
> were bloated, and v4 had security flaws. So v5 should be considered
> *the* kerberos. What surprises me is.. does it really has been Microsoft
> the first to make a *broad deployment* of Kerberos with AD? Or I've been
> living under a rock?
> I mean, I have the impression that has always been here, and now it's
> not as easy as adding pam-kerberos to /etc/pam.d/* and "Voila! Single
> sign on and cental authentication!". Or is there any project going into
> that direction?
>
I don't know of many Free Software projects that use Kerberos as an "out
of the box" solution for authentication but the tools have been there
for a while.
Apples Open Directory has the option of using Kerberos and uses the open
source packages to do this (but as a sweeping generalisation) not that
many Mac admins are aware of what it can do or how to get it running.
~sm
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list