So I've begun working on implementing an OpenLDAP directory for myself, and I'm currently considering my options for authentication schemes. Kerberos seems to be a popular choice for LDAP servers. What I am trying to understand is, what is it that makes Kerberos such a popular choice? What security or administrative bonuses are to be gained from Kerberos over doing something like a simple bind over SSL/TLS? I have done some reading on how Kerberos works, but I have never implemented it before, so I don't have a very firm grasp on it.I was just hoping to get some brain dumps and thoughts. Thanks in addvance to anyone who shares!
]]>