From a484ea46d94e9bc4cb4c6cd0b6cb1b98c9ff7d42 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 10 Sep 2010 08:50:39 +0000 Subject: [PATCH] KERBEROS has not been a valid password scheme since 2004... --- doc/guide/admin/security.sdf | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf index 718a558240..19c9363553 100644 --- a/doc/guide/admin/security.sdf +++ b/doc/guide/admin/security.sdf @@ -274,19 +274,6 @@ verification to another process. See below for more information. Note: This is not the same as using SASL to authenticate the LDAP session. -H3: KERBEROS password storage scheme - -This is not really a password storage scheme at all. It uses the -value of the {{userPassword}} attribute to delegate password -verification to Kerberos. - -Note: This is not the same as using Kerberos authentication of -the LDAP session. - -This scheme could be said to defeat the advantages of Kerberos by -causing the Kerberos password to be exposed to the {{slapd}} server -(and possibly on the network as well). - H2: Pass-Through authentication Since OpenLDAP 2.0 {{slapd}} has had the ability to delegate password -- 2.39.5
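Review bot: deleting the whole "H3: KERBEROS password storage scheme" section leaves the guide with no mention that the scheme ever existed. An administrator who still has KERBEROS-scheme values in {{userPassword}} gets no hint from this chapter that they are no longer valid. Instead of a pure 13-line deletion, consider leaving a one-sentence note in its place, just before "H2: Pass-Through authentication", saying the scheme is no longer supported and pointing to the delegation mechanism that follows. The last removed paragraph also carried a security caveat, that delegated verification causes the password "to be exposed to the {{slapd}} server (and possibly on the network as well)". It is worth checking that the preceding section, which also delegates "verification to another process", states an equivalent caveat, so the warning is not lost along with the obsolete scheme. The diffstat shows only security.sdf touched, so please confirm that nothing else in the documentation cross-references the removed heading. The subject line says "since 2004" without naming the change that dropped the scheme; a reference in the commit message would let readers verify it.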