Whether a directory can do SASL/GSSAPI data privacy and/or integrity is directory server specific. Some directories (AD) support privacy and/or integrity protection. Others (Sun) don't, so you must use SSL.

One other thing to be aware of is that clients can downgrade the privacy and integrity protection. If clients can downgrade the data protection, it makes me wonder if an attacker can downgrade the session. I haven't looked into it enough.

-dan

-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Markus Moeller
Sent: Thursday, September 01, 2005 1:24 PM
To: kerberos@mit.edu
Subject: Re: is that common to use kerberos authentication for SUN iplanet LDAP server?

Craig,

you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption too. What was the reason not to use SASL/GSSAPI with encryption? An example is AD, which can be accessed via SASL/GSSAPI with encryption.

Thanks
Markus

"Craig Huckabee" <huck@spawar.navy.mil> wrote in message news:4316DEC8.5060809@spawar.navy.mil...
> Kent Wu wrote:
>>
>> So my question is that is it pretty easy to enable Kerberos for SUN
>> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
>
> We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy
> against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions
> they sold previously also use MIT Kerberos.
>
> We now have several processes that regularly use only GSSAPI/SASL over
> SSL to authenticate and communicate with LDAP. Works very well.
>
> HTH,
> Craig
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
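
An added example, not part of the thread and not code from any directory server: in the SASL GSSAPI mechanism (RFC 4752) the server offers its security layers as a one-octet bitmask (1 = none, 2 = integrity, 4 = confidentiality) and the client replies with the single layer it selects, so a server-side check can refuse a reply weaker than policy. The function names, the `required` policy parameter and the sample bytes are assumptions constructed for illustration, and the payloads are assumed to be already unwrapped with GSS_Unwrap.

```python
# Added example: RFC 4752 security-layer negotiation octets, checked server-side.
import struct

# Security-layer bits defined by RFC 4752 (first octet of the negotiation payload).
LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY = 0x01, 0x02, 0x04
NAMES = {LAYER_NONE: "none", LAYER_INTEGRITY: "integrity",
         LAYER_CONFIDENTIALITY: "confidentiality"}

def parse_negotiation(payload: bytes):
    """Split an unwrapped payload into (layer octet, max buffer size, trailing bytes)."""
    if len(payload) < 4:
        raise ValueError("negotiation payload shorter than 4 octets")
    # Octets 2-4 are a 24-bit big-endian maximum buffer size.
    (max_buf,) = struct.unpack(">I", b"\x00" + payload[1:4])
    return payload[0], max_buf, payload[4:]

def check_client_choice(server_offer: bytes, client_reply: bytes, required: int) -> str:
    """Return the agreed layer name, or raise if the reply violates policy.

    required is the weakest layer this deployment accepts (hypothetical policy knob).
    """
    offered, _, _ = parse_negotiation(server_offer)
    chosen, _, _authzid = parse_negotiation(client_reply)
    if chosen not in NAMES:
        raise ValueError("client must select exactly one known layer")
    if not chosen & offered:
        raise ValueError("client selected a layer the server did not offer")
    # The bit values order the layers by strength: 1 < 2 < 4.
    if chosen < required:
        raise PermissionError(
            f"layer '{NAMES[chosen]}' is weaker than required '{NAMES[required]}'")
    return NAMES[chosen]

# Constructed sample payloads (not captured traffic).
OFFER_ALL = bytes([0x07, 0x00, 0xFF, 0xFF])       # none | integrity | confidentiality
REPLY_PRIVACY = bytes([0x04, 0x00, 0xFF, 0xFF])   # client picks confidentiality
REPLY_NONE = bytes([0x01, 0x00, 0x00, 0x00])      # client picks no security layer

if __name__ == "__main__":
    print(check_client_choice(OFFER_ALL, REPLY_PRIVACY, LAYER_INTEGRITY))
    try:
        check_client_choice(OFFER_ALL, REPLY_NONE, LAYER_INTEGRITY)
    except PermissionError as exc:
        print("rejected:", exc)
```

A server that never offers the weaker bits in its own bitmask achieves the same result without a separate check; the policy test matters when the offer has to stay broad for older clients.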