Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] LDAP authorisation?
  • From: Ørnulf Nielsen <on@xxxxxxxxx>
  • Date: Fri, 09 Feb 2001 16:36:57 +0100
  • Message-id: <3A840E99.9A741507@xxxxxxxxx>
> this is just an idea. We plan to set up some LDAP directory as
> addressbook. Maybe it's possible to make user authorisations via
> LDAP. I think I've heard about a "pam_ldap" module. For Linux
> this could work. Maybe there's some solution for Windows, too,
> maybe samba or Win2K.
> Can (Open-) LDAP be used as YP replacement? When using MD5
> hashes (shouldn't be a problem, I guess) it would be more secure
> than YP.

LDAP uses SASL, and SASL supports the following mechanisms:
GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5)

You can also tell SASL to use PAM.

> Has anybody tried such things in practice? Is it stable or
> experimental stuff only? Is LDAP itself maybe a security problem?

All LDAP requests may be encrypted using SSL, so it shouldn't be a

Check out

Further questions (bout' setup) should be posted to the OpenLDAP
mailinglist or PADL's mailinglist (pam_ldap).

Ørnulf Nielsen
