LDAP and passwords
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jul 31 15:53:42 UTC 2009
On Fri, Jul 31, 2009 at 11:26 AM, Darryl Moore<darryl-90a536wCiRb3fQ9qLvQP4Q at public.gmane.org> wrote:
>> Okay, l get it now. Unfortunately, I do not see any other solution short
>> of using kerberos.
> I can do this with kerberos? It had been my intention to learn more
> about kerberos, figuring I would need to implement it at some point.
> This may mean I dig into it sooner rather than later.
I think that overstates it a bit...
Not so much "I can do this with Kerberos", but rather "this is the
sort of thing that would be *possible* with Kerberos."
Few enough applications have been "Kerberized" that it's not obvious
how usable this will necessarily be.
On the "good side"...
- ssh supports Kerberos, which means that anything that uses ssh should too
- popular IMAP servers such as UW-IMAP, Dovecot, Cyrus are able to
- many services that support ssl/TLS authentication:
Some other servers that support Kerberos authentication:
Some jabber servers such as jabberd2, ejabberd
Apache (via modauthkerb)
You need to configure each such service to be Kerberos-aware, which
seems to be a somewhat nontrivial task...
Ogden Nash - "The trouble with a kitten is that when it grows up,
it's always a cat." -
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy