LDAP and passwords

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jul 31 15:53:42 UTC 2009

On Fri, Jul 31, 2009 at 11:26 AM, Darryl Moore<darryl-90a536wCiRb3fQ9qLvQP4Q at public.gmane.org> wrote:
>> Okay, l get it now. Unfortunately, I do not see any other solution short
>> of using kerberos.
> I can do this with kerberos? It had been my intention to learn more
> about kerberos, figuring I would need to implement it at some point.
> This may mean I dig into it sooner rather than later.

I think that overstates it a bit...

Not so much "I can do this with Kerberos", but rather "this is the
sort of thing that would be *possible* with Kerberos."

Few enough applications have been "Kerberized" that it's not obvious
how usable this will necessarily be.

On the "good side"...
 - ssh supports Kerberos, which means that anything that uses ssh should too
 - popular IMAP servers such as UW-IMAP, Dovecot, Cyrus are able to
support Kerberos
- many services that support ssl/TLS authentication:

Some other servers that support Kerberos authentication:
Some jabber servers such as jabberd2, ejabberd
PostgreSQL databases
Apache (via modauthkerb)

Client side:

You need to configure each such service to be Kerberos-aware, which
seems to be a somewhat nontrivial task...
Ogden Nash  - "The trouble with a kitten is that when it grows up,
it's always a cat." -
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list