[OpenAFS] LDAP authentication

Rodney M Dyer rmdyer@uncc.edu
Fri, 23 Sep 2005 22:44:02 -0400

At 10:06 PM 9/23/2005, Derek Atkins wrote:
>LDAP is *NOT* an authentication service.  If you think it is, then you are 
>just confused.

And this is my single biggest gripe with the industry.  Many off-the-shelf 
ID management and portal solutions from "big" vendors (Sun/Novell) are 
using LDAP with SSL for authentication and hiding encrypted passwords in 
secret stores for all the auxiliary services.  It's as if most enterprise 
IT shops and their vendors just gave up on the holy grail of total 
integration and are opting for simple solutions that will get them by.  I 
don't think they  understand the difference between authentication and 
authorization.  Oh well, anything to sell a product right?