discuss: LDAP authentication info
Subject: Re: LDAP authentication info
From: "K. Richard Pixley" ####@####.####
Date: 20 Apr 2004 00:39:44 -0000
Message-Id: <4084714E.3000205@noir.com>
Rodolfo J. Paiz wrote:
> I would also appreciate a HOWTO for using and authenticating with LDAP
> for a small network. And note that many times the one and only server is
> a Linux box, so LDAP could be used in a Linux-only scenario for
> small/medium businesses and SOHO environments... many people don't have
> or want a PDC or any kind of Windows-based authentication.

That's pretty much the primary point I'd like to make. It's also useful
for a workgroup within a larger company, if your wintel boxes are
already committed to some other corporate domain or domain replacement
structure, say, like Novell.

In order to do so, I think I need to cover or at least point to the
security issues involved in clear passwords over the net,
encrypted/hashed passwords over the net, challenge/response, and
end-to-end encryption like ssl/tls. I should probably also discuss pros
& cons for a linux-authenticates-against-PDC approach.

If it were easy enough, LDAP w/tls should also be a clear winner over
NIS since end-to-end encryption and access control should beat
passwords-in-the-clear any day.

--rich