Am Freitag, 13. Januar 2006 21:37 schrieb ext Jose Gonzalez Gomez: > BIG WARNING: Don't do this unless you're using simple bind over SSL > protected connections unless you want your passwords to travel (almost?) > as clear text through the network.
And because of this, I'd recommend separating authentication from
authorization, i.e. use LDAP to store user data WITHOUT passwords, and use
Kerberos for password storage. There is only one situation where
(encrypted) passwords travel over the network when using kerberos: password
change.
Bye...
Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: [EMAIL PROTECTED]
Hambornerstraße 55 | Web: http://www.capgemini.com
D-40472 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
pgps3iLplvm0c.pgp
Description: PGP signature
