Comments on: Opening the Development Process http://www.painless-security.com/blog/2007/10/01/krb5-open Sam Hartman on Security for Real-World Users Tue, 15 Mar 2011 10:50:34 +0000 hourly 1 http://wordpress.org/?v=3.0.5 By: http://the-olo.livejournal.com/ http://www.painless-security.com/blog/2007/10/01/krb5-open/comment-page-1#comment-5 http://the-olo.livejournal.com/ Fri, 09 Nov 2007 18:16:52 +0000 http://www.painless-security.com/blog/2007/10/krb5-open/#comment-5 Hi! I have a thought about general future direction for Kerberos and I'd like to share it. IMO Kerberos protocol should be merged into LDAP protocol (using LDAP extended operations or even devising a new revision of the LDAP protocol itself). Currently lots of people get confused by the separation of those two, and use them improperly (e.g. the widespread use of LDAP for authentication using LDAP simple bind operation). The present implementations should also be to blame - it's quite complex to e.g. get OpenLDAP and MIT Kerberos to work together, while there should be a solution that practically works out of the box. You can read my detailed thoughts on this subject on my blog: http://olo.org.pl/dr/node/27 Hi!

I have a thought about general future direction for Kerberos and I’d like to share it. IMO Kerberos protocol should be merged into LDAP protocol (using LDAP extended operations or even devising a new revision of the LDAP protocol itself).

Currently lots of people get confused by the separation of those two, and use them improperly (e.g. the widespread use of LDAP for authentication using LDAP simple bind operation).
The present implementations should also be to blame – it’s quite complex to e.g. get OpenLDAP and MIT Kerberos to work together, while there should be a solution that practically works out of the box.

You can read my detailed thoughts on this subject on my blog:
http://olo.org.pl/dr/node/27

]]>