Configuring the Kerberos Server with LDAP

Setting up Your LDAP Configuration

you can access the information in the directory. Hence, you need to choose an authentication method. Currently, the supported mechanisms are Password and SSL.

The SSL protocol was devised to provide both authentication and data security. SSL encapsulates the TCP/IP socket so that any TCP/IP application can use it to secure its communication. This lets clients verify the identity of the server and encrypts the basic (password) authentication exchange from the clients to the server over insecure networks. To ensure message integrity and privacy, SSL has the following features:

Provides a hashing algorithm

Provides for the creation and use of an encrypted communication channel

If you choose Password as the security mechanism, the client authenticates to an LDAP server by sending a bind request to the server.

NOTE

In the Password security mechanism, passwords are transmitted in clear text and are vulnerable to snooping.

The primary advantage of using Password is that it is the required authentication method as defined in the LDAP standard, and all directory servers support it.

What is the name of your default base DN for search?

Entries are organized in a tree-like structure called the Directory Information Tree (DIT). Entries are arranged within the DIT based on their DNs. A Distinguished Name (DN) is a unique name that unambiguously identifies a single entry. A DN is composed of a sequence of Relative Distinguished Names (RDNs) separated by commas, and each RDN in a DN corresponds to a branch in the DIT leading from the root of the DIT to the directory entry.

For example, ou=people, o=bambi.com

The default base DN for search is the root of the directory tree on the Directory server, where the Kerberos server searches for Kerberos principals.
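As an added example (not code from the manual), the following Python splits a DN into its RDNs, builds the branch from the DIT root down to the entry, and checks whether an entry lies under a search base DN, which is the condition a principal entry must satisfy for the Kerberos server's search to find it. The principal DN and attribute name are constructed sample values.

```python
# Added example, not from the Kerberos/LDAP manual. Splits a DN into RDNs
# (honouring backslash-escaped commas as in RFC 4514) and tests whether an
# entry falls under a search base. Sample DNs are constructed.

def split_dn(dn):
    """Split a DN string into its RDN strings, leaf first.

    A backslash escapes the next character, so 'cn=Smith\\, John' stays one
    RDN instead of being split at the comma. Whitespace around separators
    is stripped.
    """
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def normalize_rdn(rdn):
    """Lower-case the attribute type; the value is kept as written."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip()}"

def dit_path(dn):
    """Return the RDNs ordered from the DIT root down to the entry."""
    return list(reversed([normalize_rdn(r) for r in split_dn(dn)]))

def is_under_base(entry_dn, base_dn):
    """True if entry_dn is the base entry or lies below it in the DIT."""
    entry, base = dit_path(entry_dn), dit_path(base_dn)
    return entry[:len(base)] == base

if __name__ == "__main__":
    BASE = "ou=people, o=bambi.com"            # the manual's sample base DN
    PRINCIPAL = "cn=jdoe, ou=people, o=bambi.com"  # constructed principal entry
    print(dit_path(PRINCIPAL))
    print(is_under_base(PRINCIPAL, BASE))                          # True
    print(is_under_base("cn=jdoe, ou=hosts, o=bambi.com", BASE))   # False
```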

Chapter 6

85