[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Directory enabled distribution

On Thu, Mar 11, 1999 at 08:41:57AM +1100, Brian May wrote:
> Does LDAP support secure transmission of passwords, or would this require
> an additional protocol like Kerberos?
>
> Does LDAP support encryption?

In OpenLDAP's current form, no. However, there is work to suport the TSL
(SSLeay/OpenSSL) protocol, but I'm not sure how far off this will be
before it is complete.

OpenLDAP already supports kerberos for authentication as a compile time
option. It does not seem to take advantage of kerberos's encrypted
sessions.

However, the passwords as stored in the LDAP database are encrypted
with crypt()'s DES or MD5 algorithm (Debian's version of pam_ldap takes
advantage of both).

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
OpenLDAP Core - bcollins@openldap.org                 bcollins@debian.org
UnixGroup Admin - Jordan Systems         The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --
Reply to: