Configuring the Kerberos Server with LDAP
Setting up Your LDAP Configuration
you can access the information in the directory. Hence, you need to choose an authentication method. Currently, the supported mechanisms are Password and SSL.
The SSL protocol was devised to provide both authentication and data security. SSL encapsulates the TCP/IP socket so that every TCP/IP application can use it to secure its communication. This enables clients to verify the identity of the server and to encrypt communication of the basic authentication from the clients to the server on insecure networks. To ensure message integrity and privacy, SSL has the following features:
—Provides a hashing algorithm
—Provides for the creation and use of an encrypted communication channel
If you choose Password as the security mechanism, the client authenticates to an LDAP server by sending a bind request to the server.
NOTE: In the Password security mechanism, passwords are transmitted in clear text and are vulnerable to snooping.
The primary advantage of using Password is that it is the required authentication method as defined in the LDAP standard, and all directory servers support it.
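The following added example (not part of the original documentation) encodes the bind request that the Password mechanism sends, following RFC 4511, and classifies a captured payload so that simple binds carrying a readable password on an unencrypted connection can be flagged. The uid and password are constructed sample values; the DN suffix is the one used as an example in this document.

```python
# Added example: BER handling for an LDAPv3 BindRequest (RFC 4511).

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next k bytes hold the length
        k = length & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """Build the bind request sent for the Password mechanism (msg_id < 128)."""
    auth = tlv(0x80, password.encode())    # [0] simple: the raw password octets
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def classify_bind(payload: bytes):
    """Return (dn, mechanism, password_exposed) for a BindRequest, else None."""
    try:
        tag, msg, _ = read_tlv(payload)
        if tag != 0x30:                    # not an LDAPMessage SEQUENCE (e.g. TLS record)
            return None
        _, _, pos = read_tlv(msg)          # messageID
        op, body, _ = read_tlv(msg, pos)
        if op != 0x60:                     # [APPLICATION 0] = BindRequest
            return None
        _, _, pos = read_tlv(body)         # version
        _, dn, pos = read_tlv(body, pos)   # name (bind DN)
        auth, cred, _ = read_tlv(body, pos)
    except (ValueError, IndexError):
        return None
    mech = {0x80: "simple", 0xA3: "sasl"}.get(auth, "unknown")
    return dn.decode(errors="replace"), mech, auth == 0x80 and len(cred) > 0

# Constructed sample: the uid and password are made up; the DN suffix is the page's.
SAMPLE = simple_bind(1, "uid=demo,ou=people,o=bambi.com", "Constructed-Pw1")
```

The password octets appear unmodified inside `SAMPLE`, which is why a simple bind is only safe inside an SSL-protected connection; a payload that starts with a TLS record instead of an LDAPMessage is returned as `None`.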
• What is the name of your default base DN for search?
Entries are organized in a
For example, ou=people, o=bambi.com
The default base DN for search is the root of the directory tree on the Directory server, where the Kerberos server searches for Kerberos principals.