Re: LDAP and Kerberos

Ragni Singh
Super Advisor

LDAP and Kerberos

Hey all, what is what here? What's the difference between the 2, and when would you use each one of those? What are you guys' preferences? Any input is greatly appreciated. I need to convince my boss with one or the other.

Points will be assigned as always.
Steven E. Protter
Exalted Contributor
Solution

Re: LDAP and Kerberos

Shalom Sanjit,

LDAP is an authentication protocol that uses a lightweight database for user information. It supports easy integration across Unix, Windows, Linux. The security is good and it can work with Kerberos.

Kerberos is more on the encryption and security side. It is a way of exchanging encrypted information, including but not limited to an authentication method that involves the exchange of secure tickets. It is very safe, and you can actually use the two together.

LDAP is more widely used and is somewhat easier to integrate with Windows. You can actually use LDAP to create an integrated, single sign-on for Unix, Linux, Windows.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Vitaly Karasik_1
Honored Contributor

Re: LDAP and Kerberos

Exactly as SEP said, these two protocols may work together - in fact, an MS Windows domain uses both of them.
I suggest you start with LDAP.
If you can describe your environment/requirements, it will help us to provide better answers.
Andrew Cowan
Honored Contributor

Re: LDAP and Kerberos

Sorry to SEP but I beg to differ here.

Kerberos was designed to remove the need to send clear text passwords or tokens over a network in order to authenticate a person or service, and also remove the need to have an explicit trust such as a "/.rhosts" file.

It is a common mistake to believe that a Kerberised service uses encrypted data, because although it can, it usually doesn't. When a service is Kerberised it simply means that it applies for a TGT (Ticket Granting Ticket) from a TGS (Ticket Granting Server), and this TGT can then produce a Service Ticket which is like a time-limited magic password that enables you to directly access another machine or service.
Once the connection is established, e.g. RSH, the data is completely unaltered, or protected, and can easily be read by a third party.

Kerberos is a good thing to use because it is a fairly efficient way to ensure that hosts and users are who they claim to be, and that you are not being spoofed.
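
Added example, not part of any post in this thread: a simplified Python model of the last reply's point that a service ticket is a time-limited proof of identity and does nothing for the data sent afterwards. It is not the Kerberos wire protocol; the keys, principal names and functions are constructed for illustration, and an HMAC seal stands in for the ticket encryption real Kerberos uses.

```python
import hashlib
import hmac
import json

# Constructed long-term keys shared between the KDC and each service (assumption).
SERVICE_KEYS = {
    "rsh/hostb": b"constructed-rsh-key-not-real",
    "ftp/hostb": b"constructed-ftp-key-not-real",
}


def _seal(service, body):
    """HMAC stand-in for sealing a ticket under the service's long-term key."""
    return hmac.new(SERVICE_KEYS[service], body, hashlib.sha256).hexdigest()


def issue_service_ticket(client, service, now, lifetime=300):
    """KDC side: bind the client name, the target service and an expiry time."""
    claims = {"client": client, "service": service, "expires": now + lifetime}
    body = json.dumps(claims, sort_keys=True).encode()
    return {"body": body, "tag": _seal(service, body)}


def accept_ticket(ticket, service, now):
    """Service side: return the authenticated client name, or None if rejected."""
    if not hmac.compare_digest(_seal(service, ticket["body"]), ticket["tag"]):
        return None  # modified, forged, or sealed for a different service
    claims = json.loads(ticket["body"])
    if claims["service"] != service or now >= claims["expires"]:
        return None  # wrong target or past its lifetime
    return claims["client"]


def session(ticket, service, now, command):
    """Authenticate, then send the command as-is. Returns (client, bytes on the wire)."""
    client = accept_ticket(ticket, service, now)
    if client is None:
        return None, b""
    # The ticket proved who is calling; nothing here encrypts or signs the payload.
    return client, command.encode()


if __name__ == "__main__":
    t = issue_service_ticket("alice", "rsh/hostb", now=1000)
    print(session(t, "rsh/hostb", 1100, "cat /etc/motd"))
```

Protecting the session itself is a separate step, for example running the service over an encrypted transport.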