upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-21 23:29:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

KERBEROS has not been a valid password scheme since 2004...

Browse source
This commit is contained in:
Howard Chu 2010-09-10 08:50:39 +00:00
parent dfe1f2e572
commit a484ea46d9
1 changed files with 0 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
doc/guide/admin/security.sdf
View file

@ -274,19 +274,6 @@ verification to another process. See below for more information.
Note: This is not the same as using SASL to authenticate the LDAP Note: This is not the same as using SASL to authenticate the LDAP
session. session.
H3: KERBEROS password storage scheme
This is not really a password storage scheme at all. It uses the
value of the {{userPassword}} attribute to delegate password
verification to Kerberos.
Note: This is not the same as using Kerberos authentication of
the LDAP session.
This scheme could be said to defeat the advantages of Kerberos by
causing the Kerberos password to be exposed to the {{slapd}} server
(and possibly on the network as well).
H2: Pass-Through authentication H2: Pass-Through authentication
Since OpenLDAP 2.0 {{slapd}} has had the ability to delegate password Since OpenLDAP 2.0 {{slapd}} has had the ability to delegate password