Originally Posted by labratmatt
So why do people use LDAP if Kerberos alone will work? Does LDAP simply let you do the same thing on a larger level? Thanks!
LDAP is good for several things:
- Keeping track of a bunch of data about people
- Providing a central repository for data, that can be queried remotely
- Generating other forms of the data (like passwd and group files)
- Doing specific authorization for certain users (requires apps to understand LDAP)
So yes, LDAP is good for larger-scale setups. Kerberos by itself just does basic authentication - a user can prove identity, but it doesn't say anything else about that user.
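
The split described in the reply above, as an added example that is not part of the original post: directory entries are turned into passwd and group lines, and an authorization decision is made from group membership for a principal that Kerberos has already authenticated. The LDIF sample, the function names, and the mapping of a principal to a uid by dropping the realm are all assumptions made for illustration.

```python
# Constructed RFC 2307-style LDIF sample; names and numbers are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
cn: Alice Example
uidNumber: 1001
gidNumber: 2001
homeDirectory: /home/alice
loginShell: /bin/bash

dn: cn=wiki-admins,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: wiki-admins
gidNumber: 2002
memberUid: bob
memberUid: carol
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def of_class(entries, cls):
    return [e for e in entries if cls in e.get("objectClass", [])]

def passwd_lines(entries):
    """passwd(5) lines; the password field is 'x' because no secret lives here."""
    fields = ("uid", "uidNumber", "gidNumber", "cn", "homeDirectory", "loginShell")
    rows = [[e[f][0] for f in fields] for e in of_class(entries, "posixAccount")]
    return [":".join([r[0], "x"] + r[1:]) for r in rows]

def group_lines(entries):
    return ["{}:x:{}:{}".format(e["cn"][0], e["gidNumber"][0], ",".join(e.get("memberUid", [])))
            for e in of_class(entries, "posixGroup")]

def is_authorized(principal, group, entries):
    """Kerberos proved who `principal` is; the directory says what it may do."""
    uid = principal.split("@", 1)[0]  # assumption: first component equals the uid
    return any(e["cn"][0] == group and uid in e.get("memberUid", [])
               for e in of_class(entries, "posixGroup"))
```

An authenticated principal with no matching group membership is denied here, which is the case Kerberos alone cannot express.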