Whats in your LDAP?
shane at hathawaymix.org
Mon Oct 22 17:14:41 MDT 2007
Michael L Torrie wrote:
> Grant Shipley wrote:
>> We use Red Hat Directory Server here at Red Hat as the back end of our
>> SSO implementation. Anytime you log in to redhat.com or RHN, you are
>> binding via LDAP.
> Hmm. This is interesting considering that although everyone does this,
> but it raises the point that LDAP really is an authorization solution,
> not an authentication solution. Thus people often say "use LDAP" when
> they really mean one should use kerberos, or something similar. I'm
> betting RH is using SASL and kerberos on the back end; I certainly hope
> my RHN credentials are not stored in LDAP! In the ideal world, there
> should never be any password information whatsoever stored in LDAP.
Hmm, I'm missing something. Why not? The passwords stored in my LDAP
database are encrypted, and I'm not using Kerberos; is there something
wrong with that?
More information about the PLUG