
Re: openldap question and possible feature conflict



>>>>> "Brian" == Brian May <bam@debian.org> writes:

    Brian> I have got a bug report #95246 requesting Heimdal be
    Brian> compiled against openldap2. This would enable being able to
    Brian> store the Kerberos database in the openldap database. All
    Brian> data is stored in LDAP encrypted, so even if somebody
    Brian> accesses the openldap database, the Kerberos data is not
    Brian> compromised.

Please don't do this.  The performance is fairly bad and the security
implications are not so great. (My comments on performance come from
Joda forwarded through Assar).  For discussions of security, please
see discussion on kerberos@mit.edu (archived off
http://web.mit.edu/kerberos) and minutes of the last two Kerberos
working group meetings at IETF.

If you do this, please do not store keys in the database.


