[Fedora-directory-users] Question about Kerberos and FDS

Rich Megginson rmeggins at redhat.com
Tue Oct 18 03:22:11 UTC 2005

speedy zinc wrote:

>I've read the white paper "Red Hat Identity Management
>and Security Solutions", and on page 13, it said that
>Red Hat Directory Server supports a variety of
>authentication standards and technologies, including:
>- ...
>- Kerberos tickets via SASL/GSSAPI
>- ...
>What does that exactly mean? Does that mean RHDS can
>issue kerberos ticket out of the box?

>Or does that
>mean I need to setup a kerberos server and use RHDS as
>the backend for user information?
Yes.  When you use kinit to acquire your ticket, you can use that ticket 
to authenticate to the directory server.

>And this one:
>- Impersonation (proxy) for multi-tier client
>Could someone explain what does it mean and how can it
>be used?
Sure.  This is most often used with web apps or other apps that set up a 
pool of connections to the directory server.  Each connection in the 
pool is bound as a proxy user.  When a real user wants to authenticate, 
the proxy connection passes the real user's bind credentials to the 
directory server using the proxy auth control.

>Thanks a lot
>Yahoo! Music Unlimited 
>Access over 1 million songs. Try it free.
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20051017/df57ed9c/attachment.bin>

More information about the 389-users mailing list