So I've begun working on implementing an OpenLDAP directory for myself, and I'm currently considering my options for authentication schemes. Kerberos seems to be a popular choice for LDAP servers. What I am trying to understand is, what is it that makes Kerberos such a popular choice? What security or administrative bonuses are to be gained from Kerberos over doing something like a simple bind over SSL/TLS? I have done some reading on how Kerberos works, but I have never implemented it before, so I don't have a very firm grasp on it.
I was just hoping to get some brain dumps and thoughts. Thanks in advance to anyone who shares!
Microsoft adopted Kerberos a bunch of years ago and it's supported by many, if not all, of the major *nix families. There are quirks in the implementations, but just about every platform understands it. That's why it's so popular.