[Fedora-directory-users] Question about Kerberos and FDS
Rich Megginson
rmeggins at redhat.com
Tue Oct 18 03:22:11 UTC 2005
speedy zinc wrote:
>Hi,
>
>I've read the white paper "Red Hat Identity Management
>and Security Solutions", and on page 13, it said that
>Red Hat Directory Server supports a variety of
>authentication standards and technologies, including:
>
>- ...
>- Kerberos tickets via SASL/GSSAPI
>- ...
>
>What does that exactly mean? Does that mean RHDS can
>issue kerberos ticket out of the box?
>
No.
>Or does that
>mean I need to setup a kerberos server and use RHDS as
>the backend for user information?
>
>
Yes. When you use kinit to acquire your ticket, you can use that ticket
to authenticate to the directory server.
>And this one:
>- Impersonation (proxy) for multi-tier client
>applications.
>
>Could someone explain what does it mean and how can it
>be used?
>
>
Sure. This is most often used with web apps or other apps that set up a
pool of connections to the directory server. Each connection in the
pool is bound as a proxy user. When a real user wants to authenticate,
the proxy connection passes the real user's bind credentials to the
directory server using the proxy auth control.
>Thanks a lot
>
>sz
>
>
>
>
>__________________________________
>Yahoo! Music Unlimited
>Access over 1 million songs. Try it free.
>http://music.yahoo.com/unlimited/
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051017/df57ed9c/attachment.bin>
More information about the Fedora-directory-users
mailing list