[TUHS] YP / NIS / NIS+ / LDAP
Grant Taylor
gtaylor at tnetconsulting.net
Tue Nov 6 14:58:58 AEST 2018
On 11/05/2018 02:43 PM, Ben Greenfield via TUHS wrote:
> I found that I had to do all of this using SASL.
At first read I was thinking "SASL? Really?". Then I remembered that
Simple Authentication and Security Layer is really just an abstraction
layer. An abstraction layer that very easily could have (but I don't
know one way or the other) a back end to Kerberos.
> I remember it as SASL would handle the kerberization during boot up
> getting tickets for each LDAP entry that you wanted mapped to a service
> on that client.
Hum.
> I could be wrong but I think SASL seems to be way connect services on
> Linux with LDAP that are served kerberized.
I've always viewed SASL as a way for applications to outsource the
authentication / security so that the program code didn't need to worry
about it. It also allowed SASL to manage supporting all the different
back end security methods.
I also think much the same about PAM. - In fact, I don't think I could
properly differentiate between PAM and SASL.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/a1f5c5d7/attachment.bin>
More information about the TUHS
mailing list