Firewall Wizards mailing list archives
RE: LDAP and Kerberos?
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 20 Sep 2004 13:46:24 -0400
-----Original Message-----

The advantage of mutual authentication is that it prevents playback spoofing and man-in-the-middle attacks. It's designed to make it difficult for a third system to get access to services by eavesdropping or otherwise intercepting or interfering with the authentication process.

Ah, so I can set up my own CA and accomplish most of the same thing. I see now. Thank you.

Exactly. At that point, the only argument that I can think of for using Kerberos instead of SSL and LDAP is that Kerberos can determine whether or not a specific user is allowed to use a specific service. Of course you can probably do something like this with PAM and LDAP groups, so there's not much need for Kerberos even then.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards