Originally Posted by wilslm
I am integrating my Unix box with the Windows AD using PAM_LDAP, with Kerberos enabled.
I was wondering, since Kerberos is enabled, is there any point in enabling SSL in my LDAP.conf?
My understanding is that since Kerberos is enabled, and therefore the username/password is sent securely, there isn't any benefit of enabling SSL in the LDAP.conf? It's one or the other.
Am I wrong?
I think Kerberos gives you a secure authentication at the beginning of the LDAP connection. However, SSL will encrypt the whole communication (which may involve sensitive data found in your LDAP directory).
I don't see any problem with using both if that's possible.