Firewall Wizards mailing list archives

RE: LDAP and Kerberos?


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 20 Sep 2004 13:46:24 -0400

-----Original Message-----
The advantage of mutual authentication is that it prevents playback
spoofing and man-in-the-middle attacks.  It's designed to make it
difficult for a third system to get access to services by eavesdropping
or otherwise intercepting or interfering with the authentication
process.

Ah, so I can set up my own CA and accomplish most of the same thing.
I see now.  Thank you.

Exactly.  

At that point, the only argument that I can think of for using Kerberos
instead of SSL and LDAP is that Kerberos can determine whether or not a
specific user is allowed to use a specific service.  Of course you can
probably do something like this with PAM and LDAP groups, so there's not
much need for Kerberos even then.

PaulM