[Gllug] LDAP and Kerberos

Simon Morris simon.morris at cmtww.com
Tue Jan 31 15:02:36 UTC 2006


Dani Pardo wrote:

> 
>   Mm.. sounds like pam, but over the network and controlled via a
> central "brain" and based on tickets. Cool.
>   I've readen that this protocol was written on the 80's, the v2 and v3
> were bloated, and v4 had security flaws. So v5 should be considered
> *the* kerberos. What surprises me is.. does it really has been Microsoft
> the first to make a *broad deployment* of Kerberos with AD? Or I've been
> living under a rock?
>   I mean, I have the impression that has always been here, and now it's
> not as easy as adding pam-kerberos to /etc/pam.d/* and "Voila! Single
> sign on and cental authentication!". Or is there any project going into
> that direction?
> 

I don't know of many Free Software projects that use Kerberos as an "out 
of the box" solution for authentication but the tools have been there 
for a while.

Apples Open Directory has the option of using Kerberos and uses the open 
source packages to do this (but as a sweeping generalisation) not that 
many Mac admins are aware of what it can do or how to get it running.

~sm
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list