Re: Authentication

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

At 02:13 PM 10/26/00 -0700, Booker C. Bense wrote:
>[1] - This is by no means a slight on the Net::LDAPapi author.  The
>original fault goes back to the Umich Ldap authors who did not use
>kerberos correctly. Net::LDAPapi just provides an interface to this, (
>and does it quite well ).  

I concur.  In OpenLDAP, Kerberos IV bind (kbind) is deprecated
in favor of SASL/GSSAPI.  I believe most other LDAP implementations
have long since stopped support for kbind.

>[3] - Isn't this deprecated? 

Yes.  CRAM-MD5 is deprecated in favor of DIGEST-MD5 (RFC 2831).
Developers should note that DIGEST-MD5 is the LDAPv3
mandatory-to-implement strong authentication mechanism
(RFC 2829).

Kurt