mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-30 13:30:57 +08:00
KERBEROS has not been a valid password scheme since 2004...
This commit is contained in:
parent
dfe1f2e572
commit
a484ea46d9
@ -274,19 +274,6 @@ verification to another process. See below for more information.
|
||||
Note: This is not the same as using SASL to authenticate the LDAP
|
||||
session.
|
||||
|
||||
H3: KERBEROS password storage scheme
|
||||
|
||||
This is not really a password storage scheme at all. It uses the
|
||||
value of the {{userPassword}} attribute to delegate password
|
||||
verification to Kerberos.
|
||||
|
||||
Note: This is not the same as using Kerberos authentication of
|
||||
the LDAP session.
|
||||
|
||||
This scheme could be said to defeat the advantages of Kerberos by
|
||||
causing the Kerberos password to be exposed to the {{slapd}} server
|
||||
(and possibly on the network as well).
|
||||
|
||||
H2: Pass-Through authentication
|
||||
|
||||
Since OpenLDAP 2.0 {{slapd}} has had the ability to delegate password
|
||||
|
Loading…
Reference in New Issue
Block a user