This page is READ-ONLY. It is generated from the old site.
All timestamps are relative to 2013 (when this page is generated).

kerberos vs ldap

These two are different things, mind you.
Added by over 4 years ago

Edward Murrell-2 wrote

Authentication is the process of proving who you are. But just because I can prove I'm who I say I am via a driver's licence doesn't mean I'm getting into the club. "Your name isn't on the list."

Kerberos is a (secure) authentication mechanism. It is used to prove that a user talking to a server (for example, an email server) is who they say they are.

It also works in reverse: it proves that a server is the server the user intended to talk to, so that if the communication process is disrupted or diverted, the user and the server will know.

LDAP is a directory service. It is used to store and look up public (relatively speaking) information on an object (which may be a person, a user group, a computer, a printer, or many other things) such as phone numbers, email addresses, the full name of a person, physical locations, address, group members, and so on.

Because the administrator may wish to control access to various pieces of information in the LDAP store (for example, home address of employees), it is necessary to have an authentication mechanism of some kind. Kerberos can be and is used for this purpose using GSSAPI, but often the built-in 'Simple Authentication' mechanism is used.

Since LDAP has to do authentication for itself, it can provide this service for other things, such as our hypothetical email service. However, this may be in plain text (i.e., the network traffic can be sniffed), nor does it provide 'Single Sign On', so the user would have to keep typing in their password (or store it in plain text on the disk of the machine), and it provides no way for the server to prove to the user if it really is the server it says it is.

So: Kerberos is secure two-way authentication. LDAP is a store of information that can provide one-way, possibly secure authentication.

Confused yet? :)

The common relationship is that Kerberos is used to provide authentication for a user/server, and LDAP is used to retrieve information ABOUT that user.

Impressed yet? :)