Firewall Wizards mailing list archives
Re: LDAP and Kerberos?
From: Mason Schmitt <hr824 () sunwave net>
Date: Tue, 21 Sep 2004 11:24:29 -0700
On September 20, 2004 09:27 am, Christopher Hicks wrote:
About 200 users currently. The LDAP server will be used for authenticating a handful of web apps (one of which is bugzilla and several others we've written in house), autenticating Linux/UNIX shell users across a dozen boxes, and supporting distributing authoritative sendmail across an array of three boxes widely geographically distributed. So, kerberos gets me nothing for sendmail or bugzilla as far as I know. I'm sure the Linux login piece could be kerberized, but since the primary login method for 98% of the users is across the web there's not going to be any useful single logon. Oh, I do want to do samba through LDAP at some point.
One of the valid security advantages of kerberos vs ldap is the finite lifetime of the ticket and the central management of ticket lifetime. This would make sense for your samba deployment, and linux/UNIX shell access, but has no value for your web app. -- Mason Schmitt _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- LDAP and Kerberos? Christopher Hicks (Sep 17)
- <Possible follow-ups>
- RE: LDAP and Kerberos? Melson, Paul (Sep 21)
- Re: LDAP and Kerberos? ArkanoiD (Sep 22)
- RE: LDAP and Kerberos? Melson, Paul (Sep 21)
- RE: LDAP and Kerberos? Christopher Hicks (Sep 21)
- RE: LDAP and Kerberos? Melson, Paul (Sep 21)
- RE: LDAP and Kerberos? Christopher Hicks (Sep 21)
- Re: LDAP and Kerberos? Mason Schmitt (Sep 27)
- RE: LDAP and Kerberos? Christopher Hicks (Sep 21)