6 Nov
2018
6 Nov
'18
5:58 a.m.
On 11/05/2018 02:43 PM, Ben Greenfield via TUHS wrote:
I found that I had to do all of this using SASL.
At first read I was thinking "SASL? Really?". Then I remembered that
Simple Authentication and Security Layer is really just an abstraction
layer. An abstraction layer that very easily could have (but I don't
know one way or the other) a back end to Kerberos.
I remember it as SASL would handle the kerberization
during boot up
getting tickets for each LDAP entry that you wanted mapped to a service
on that client.
Hum.
I could be wrong but I think SASL seems to be way
connect services on
Linux with LDAP that are served kerberized.
I've always viewed SASL as a way for applications to outsource the
authentication / security so that the program code didn't need to worry
about it. It also allowed SASL to manage supporting all the different
back end security methods.
I also think much the same about PAM. - In fact, I don't think I could
properly differentiate between PAM and SASL.
--
Grant. . . .
unix || die