https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737357#M21935 Hey all, what is what here. Whats the difference between the 2 and when would you use each one of those. What are you guys preference. ANy input is greatly appreciated. I need to convience my boss with one or the other. <BR /><BR />POints will be assigned as always. Wed, 22 Feb 2006 12:31:54 GMT Ragni Singh 2006-02-22T12:31:54Z https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737357#M21935 Hey all, what is what here. Whats the difference between the 2 and when would you use each one of those. What are you guys preference. ANy input is greatly appreciated. I need to convience my boss with one or the other. <BR /><BR />POints will be assigned as always. Wed, 22 Feb 2006 12:31:54 GMT https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737357#M21935 Ragni Singh 2006-02-22T12:31:54Z https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737358#M21936 Shalom Sanjit,<BR /><BR />LDAP is a authentication protocol that uses a lightweight database for user information. It supports easy integration across Unix, Windows, Linux. The security is good and it can work with Kerberos.<BR /><BR />Kerberos is more on the encyption and security side. It is a way of exchanging encrypted information, including but not limited to authentication metod that involves the exchange of secure tickets. It is very safe, and you can actually use the two together.<BR /><BR />LDAP is more widely used and is somewhat easier to integrate with windows. You can actually use LDAP to create an integrated, single sign on for Unix, Linux, Windows.<BR /><BR />SEP Wed, 22 Feb 2006 12:54:05 GMT https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737358#M21936 Steven E. Protter 2006-02-22T12:54:05Z https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737359#M21937 Exactly as SEP said, these two protocols may work together - in fact, MS windows domain uses both of them. <BR />I suggest you to start with LDAP.<BR />If you can describe your environment/requrements, it will help us to provide better answers. Wed, 22 Feb 2006 13:23:38 GMT https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737359#M21937 Vitaly Karasik_1 2006-02-22T13:23:38Z https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737360#M21938 Sorry to SEP but I beg to differ here.<BR /><BR />Kerberos was designed to remove the need to send clear text passwords or tokens over a network in order to authenticate a person or service, and also remove the need to have an explicit trust such as a "/.rhosts" file.<BR /><BR />It is a common mistake to believe that a Kerberised service uses encrypted data, becuase although it can, it usually doesn't. When a service is Kerberised it simply means that it applies for a TGT (Ticket Granting Ticket) from a TGS (Ticket Granting Server), and this TGT iscan then produce a Service Ticket which is like a time-limited magic password that enables you to directly access another machine or service.<BR />Once the connection is established, e.g. RSH, the data is completely unaltered, or protected, and can easily be read by a third party.<BR /><BR />Kerberos is a good thing to use because it is a fairly efficient way to ensure that hosts and users are who they claim to be, and that you are not being spoofed. Thu, 23 Feb 2006 03:15:44 GMT https://community.hpe.com/t5/operating-system-linux/ldap-and-kebros/m-p/3737360#M21938 Andrew Cowan 2006-02-23T03:15:44Z