You are not logged in.

#1 2013-08-23 20:53:49

Registered: 2013-04-30
Posts: 58

OpenLDAP/Kerberos Authentication -- Should I really care?

So I've begun working on implementing an OpenLDAP directory for myself, and I'm currently considering my options for authentication schemes. Kerberos seems to be a popular choice for LDAP servers. What I am trying to understand is, what is it that makes Kerberos such a popular choice? What security or administrative bonuses are to be gained from Kerberos over doing something like a simple bind over SSL/TLS? I have done some reading on how Kerberos works, but I have never implemented it before, so I don't have a very firm grasp on it.

I was just hoping to get some brain dumps and thoughts. Thanks in addvance to anyone who shares!


#2 2013-08-24 01:58:22

Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: OpenLDAP/Kerberos Authentication -- Should I really care?

Microsoft adopted Kerberos a bunch of years ago and it's supported by many, if not all of the major *nix families. There are quirks in the implementations, but just about every platform understands it. That's why it's so popular.


Board footer

Powered by FluxBB