Hosting Provided By

Re: KerberLDAP (Re: openbsd yp security)

From: Chuck Yerkes <chuck+obsd(at)2003.snew.com>
Date: Fri Jan 31 2003 - 12:53:45 EST

And kerberos works great in a closed or controlled environment. Schools are great for that. So are corps. The net-at-large isn't. It's bad at ISPs.

SSH is fine when you are dealing with users/hosts that don't have a previous relationship. A good complement to kerberos (ok, there's overlap and ssh with kerberos is dandy).

RE: setting up a long lived ssl tunnel - I might as well just use IPSec in that case. Not any harder, really.

And the LIGHTWEIGHT in LDAP is compared to a full blown X500 directory. An LDAP goal (@ umich) was to make directory access available on machines that didn't require server rooms - mac with 4MB of RAM as available at the time. X.500 was a bit of a fiasco of implementation. Decent initial idea bloated beyond usability. Therefore it was appealing to many corporate folk I dealt with who just didn't hear "it doesn't do what you want it to do."

Quoting Bob Beck (beck@bofh.ucs.ualberta.ca):
> >That would be great to know for sure. Yes anyone other than the
Received on Fri Jan 31 12:54:59 2003

This message: [ Message body ]
Next message: Chuck Yerkes: "Re: start and stop program"
Previous message: Jyri Hovila: "Re: VPN with ADSL (dynamics IPs)"
In reply to Bob Beck: "Re: KerberLDAP (Re: openbsd yp security)"
Next in thread: dreamwvr(at)dreamwvr.com: "Re: KerberLDAP (Re: openbsd yp security)"
Reply: dreamwvr(at)dreamwvr.com: "Re: KerberLDAP (Re: openbsd yp security)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:32:40 EDT