Re: openldap question and possible feature conflict
>>>>> "Brian" == Brian May <bam@debian.org> writes:
Brian> I have got a bug report #95246 requesting Heimdal be
Brian> compiled against openldap2. This would enable being able to
Brian> store the Kerberos database in the openldap database. All
Brian> data is stored in LDAP encrypted, so even if somebody
Brian> accesses the openldap database, the Kerberos data is not
Brian> compromised.
Please don't do this. The performance is fairly bad and the security
implications are not so great. (My comments on performance come from
Joda forwarded through Assar). For discussions of security, please
see discussion on kerberos@mit.edu (archived off
http://web.mit.edu/kerberos) and minutes of the last two Kerberos
working group meetings at IETF.
If you do this, please do not store keys in the database.