LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Kerberos vs LDAP SSL? (http://www.linuxquestions.org/questions/linux-security-4/kerberos-vs-ldap-ssl-876337/)

wilslm 04-21-2011 09:49 AM

Kerberos vs LDAP SSL?
 
Hi there,

I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled.

I was wondering, since Kerberos is enabled is there any point to enable SSL on my LDAP.conf?

My understanding is that since Kerberos is enabled, therefore the username/password is sent securely there isn't any benefit of enabling SSL on the LDAP.conf? It's one of or another.

Am I wrong?

poorsod 04-21-2011 02:27 PM

Quote:

Originally Posted by wilslm (Post 4331611)
Hi there,

I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled.

I was wondering, since Kerberos is enabled is there any point to enable SSL on my LDAP.conf?

My understanding is that since Kerberos is enabled, therefore the username/password is sent securely there isn't any benefit of enabling SSL on the LDAP.conf? It's one of or another.

Am I wrong?

I'm think kerberos gives you a secure authentication at the beginning of the LDAP connection. However SSL will encrypt the whole communication (which may involve sensitive data found in your LDAP directory).
I don't see any problem with using both if that's possible.


All times are GMT -5. The time now is 01:01 AM.