
OpenLDAP and Kerberos

July 23, 2010

A directory service is used to store, organize, and provide access to information in a directory. It provides access control by constructing a map between names and values. The map can be used to verify user information, for example when a user logs into a service such as a website.

Wikipedia provides a good list of software for directory services. We will focus on introducing OpenLDAP and Kerberos.

OpenLDAP is open source software that implements the Lightweight Directory Access Protocol (LDAP). LDAP was created by Tim Howes in his dissertation work. OpenLDAP largely extends LDAP. It includes a stand-alone server and libraries. It can support Simple Authentication and Security Layer (SASL), Transport Layer Security (TLS), and Secure Sockets Layer (SSL), which are the features of LDAPv2 that make the verification process more secure. It also supports the next-generation Internet Protocol version 6 (IPv6).

Kerberos is another directory service from MIT. It uses strong cryptography, allowing a client to prove its identity to a server (and vice versa) across an insecure network connection.

Compared with OpenLDAP, Kerberos provides more secure Internet authentication, whereas OpenLDAP is typically used in simple access control environments. Sources: 1 2 3
