From: Howard Chu Date: Fri, 10 Sep 2010 08:50:39 +0000 (+0000) Subject: KERBEROS has not been a valid password scheme since 2004... X-Git-Tag: MIGRATION_CVS2GIT~483 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a484ea46d94e9bc4cb4c6cd0b6cb1b98c9ff7d42;p=openldap KERBEROS has not been a valid password scheme since 2004... --- diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf index 718a558240..19c9363553 100644 --- a/doc/guide/admin/security.sdf +++ b/doc/guide/admin/security.sdf @@ -274,19 +274,6 @@ verification to another process. See below for more information. Note: This is not the same as using SASL to authenticate the LDAP session. -H3: KERBEROS password storage scheme - -This is not really a password storage scheme at all. It uses the -value of the {{userPassword}} attribute to delegate password -verification to Kerberos. - -Note: This is not the same as using Kerberos authentication of -the LDAP session. - -This scheme could be said to defeat the advantages of Kerberos by -causing the Kerberos password to be exposed to the {{slapd}} server -(and possibly on the network as well). - H2: Pass-Through authentication Since OpenLDAP 2.0 {{slapd}} has had the ability to delegate password
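Review bot: The 13 lines deleted under "H3: KERBEROS password storage scheme" in doc/guide/admin/security.sdf leave nothing behind for administrators who still have {{userPassword}} values that reference the KERBEROS scheme. Since the commit message says the scheme has not been valid since 2004, consider a one-line note in its place saying the scheme is no longer supported and pointing to the "H2: Pass-Through authentication" section that follows. The deleted caveat that the delegated password is exposed to the {{slapd}} server (and possibly on the network as well) also deserves a check against the preceding section kept as context, which likewise describes delegating verification to another process. If that section does not already carry the same warning, move the caveat there rather than dropping it.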