Whats in your LDAP?

Shane Hathaway shane at hathawaymix.org
Mon Oct 22 17:14:41 MDT 2007


Michael L Torrie wrote:
> Grant Shipley wrote:
>> We use Red Hat Directory Server here at Red Hat as the back end of our
>> SSO implementation.  Anytime you log in to redhat.com or RHN, you are
>> binding via LDAP.
> 
> Hmm.  This is interesting considering that although everyone does this,
> but it raises the point that LDAP really is an authorization solution,
> not an authentication solution.  Thus people often say "use LDAP" when
> they really mean one should use kerberos, or something similar.  I'm
> betting RH is using SASL and kerberos on the back end; I certainly hope
> my RHN credentials are not stored in LDAP!  In the ideal world, there
> should never be any password information whatsoever stored in LDAP.

Hmm, I'm missing something.  Why not?  The passwords stored in my LDAP
database are encrypted, and I'm not using Kerberos; is there something
wrong with that?

Shane




More information about the PLUG mailing list