[OpenAFS] LDAP authentication

Derek Atkins warlord@MIT.EDU
Fri, 23 Sep 2005 22:06:52 -0400

Quoting S P Arif Sahari Wibowo <arifsaha@yahoo.com>:

>> LDAP is a directory service, not an authentication service.
> Correction: "not *only* an authentication service". :-) LDAP can be 
> an effective and secure authentication service, like how the linux 
> machines here do it.

It's not at all secure.  How can I use LDAP to get me a single-singon 
token that
I can use to authenticate to a service without having to retype my
authentication password?  No, sorry, LDAP is *JUST* a directory service.  One
could use NIS, Hesiod, or even SQL instead of LDAP and have a 1:1 mapping of
features.  LDAP is *NOT* an authentication service.  If you think it is, then
you are just confused.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available