Configuring the Kerberos Server with LDAP
Setting up Your LDAP Configuration
Chapter 6 85
you can access the information in the directory. Hence, you need to
choose an authentication method. Currently, the supported
mechanisms are Password and SSL.
The SSL protocol was devised to provide both authentication and
data security. SSL encapsulates the TCP/IP socket so that every
TCP/IP application can use it to secure its communication. This
enables clients to verify the identity of the server and to encrypt
communication of the basic authentication from the clients to the
server on insecure networks. To ensure message integrity and
privacy, SSL has the following features:
— Provides a hashing algorithm
— Provides for the creation and use of an encrypted communication
channel
If you choose Password as the security mechanism then the client
authenticates to an LDAP server by sending a bind request to the
server.
NOTE In the Password security mechanism, passwords are transmitted in
clear text and are vulnerable to snooping.
The primary advantage of using Password is that it is the required
authentication method as defined in the LDAP standard, and all
directory servers support it.
• What is the name of your default base DN for search?
Entries are organized in a tree-like structure called the Directory
Information Tree (DIT). Entries are arranged within the DIT based
on their DNs. Distinguished Name (DN) is a unique name that
unambiguously identifies a single entry. DNs are made up of a
sequence of Relative Distinguished Names (RDNs). Each RDN in a
DN corresponds to a branch in the DIT leading from the root of the
DIT to the directory entry. A DN is composed of a sequence of RDNs
separated by commas.
For example, ou=people, o=bambi.com
The default base DN for search is the root of the directory tree on the
Directory server, where the Kerberos server searches for kerberos
principals.
