Not registered ? Sign Up!
IceWalkers.com - Linux Software downloads and news
Name : Password :
Forgot your password?
Linux SoftwareLinux RPMLinux HowtosLink UsAboutAdvertise
What's new? | Linux Software | Linux RPM Database | Linux Howtos | Add Software |
Free eBook: The 7 Things that IT Security Professionals MUST KNOW!

HOWTOs

Search Howtos :Match :
Howtos Index
LDAP Linux HOWTO
PrevChapter 6. Additional Information and FeaturesNext

6.2. Authentication using LDAP

To access the LDAP service, the LDAP client first must authenticate itself to the service. That is, it must tell the LDAP server who is going to be accessing the data so that the server can decide what the client is allowed to see and do. If the client authenticates successfully to the LDAP server, then when the server subsequently receives a request from the client, it will check whether the client is allowed to perform the request. This process is called access control.

In LDAP, authentication is supplied in the "bind" operation. Ldapv3 supports three types of authentication: anonymous, simple and SASL authentication. A client that sends a LDAP request without doing a "bind" is treated as an anonymous client. Simple authentication consists of sending the LDAP server the fully qualified DN of the client (user) and the client's clear-text password. This mechanism has security problems because the password can be read from the network. To avoid exposing the password in this way, you can use the simple authentication mechanism within an encrypted channel (such as SSL), provided that this is supported by the LDAP server.

Finally, SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, LDAP can support any type of authentication agreed upon by the LDAP client and server. The Cyrus-SASL package is available at the following URL: http://asg.web.cmu.edu/sasl/sasl-library.html.

Further on authenticating users to access information from your Directory Tree, your LDAP server can authenticate users from other services too (Sendmail, Login, Ftp, etc.). This is accomplished migrating specific user information to your LDAP server and using a mechanism called PAM (Pluggable Authentication Module). The authentication module for LDAP is available as a tar ball on the following address: http://www.padl.com/OSS/pam_ldap.html

PrevHomeNext
LDAP Migration ToolsUpSASL Configuration: Digest-MD5
Search Howtos :Match :
Howtos Index
Transmission 1.41 beta 2
Lightweight, yet powerful BitTorrent client
X-Moto 0.5.0
2D motocross platform game
Gdm 2.25.1
Reimplementation of the well known xdm program.
Linux Kernel 2.6 2.6.28-rc7
Linux Kernel
Linux Kernel 2.4 2.4.37
Linux Kernel
RIP 7.3
Small linux system for the purpose of system booting or repairing
GEdit 2.25.1
Small but powerful text editor
VLC media player 0.9.7
Cross-platform media player and streaming server
GNOME 2.25.2
GNOME desktop environment
WebGUI 7.6.5
A fully featured content management system.
Free IT Magazines, White Papers, eBooks, and more !
Dr. Dobb's Journal

Dr. Dobb's Journal enables programmers to write the most efficient and sophisticated programs and help in daily programming quandaries.
The 7 Things that IT Security Professionals MUST KNOW!

Gain key insight into security problem and find the safest means to protect your technological assets.
Database Trends and Applications

Provides timely coverage of the technology, intelligence and insight needed to plan, implement and manage information-rich projects.

Linux Software Map
Find Linux RPM
Best Rated Linux Software
Most Rated Linux Software
Linux Distributions
Linux Howtos
Quick Survey

Please take our survey and help us improve our website to serve you better.

Thank you.
Linux Software
Linux / IT Resources
Site Resources
Google
Privacy Policy
Contact Us
Submit Software
Advertising info