| 1 |
2006/1/13, John Jolet <john@×××××.net>: |
| 2 |
> |
| 3 |
> |
| 4 |
> On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote: |
| 5 |
> |
| 6 |
> > thanks. I believe I am starting to understand this. |
| 7 |
> > |
| 8 |
> > I was seeing that ldap can authenticate in a lot of types, like , |
| 9 |
> > databases, files, and PAM do some things like that too.... or am I |
| 10 |
> > wrong ? |
| 11 |
> > |
| 12 |
> as far as I know you are wrong. ldap is an authentication |
| 13 |
> mechanism. it stores usernames, passwords, and much more. |
| 14 |
> |
| 15 |
|
| 16 |
LDAP is *not* an authentication mechanism. LDAP stands for Lightweight |
| 17 |
Directory Access Protocol, so LDAP is a protocol you use to access data |
| 18 |
stored in a structured way, called directory. An LDAP directory is a |
| 19 |
directory that may be accessed using LDAP. An LDAP server is a server that |
| 20 |
serves its data using LDAP. LDAP servers are used for a lot of things, and |
| 21 |
two of them may be single sign on or centralized authentication (they are |
| 22 |
different although related things). |
| 23 |
|
| 24 |
To access data in a directory you may have to authenticate to access the |
| 25 |
data. This authentication can be done in several ways, and one of them is |
| 26 |
called simple bind: in this case you provide a path to locate an object in |
| 27 |
the directory and a password and the server "compares" the password provided |
| 28 |
with the password stored in the specified object. IIRC the PAM-LDAP module |
| 29 |
uses simple bind to authenticate an user trying to gain access to the |
| 30 |
system. This is, the PAM module takes the provided user and password and |
| 31 |
tries to authenticate itself against the LDAP server using the simple bind |
| 32 |
mechanism, translating the user into a path to locate the object |
| 33 |
representing that user in the directory. |
| 34 |
|
| 35 |
BIG WARNING: Don't do this unless you're using simple bind over SSL |
| 36 |
protected connections unless you want your passwords to travel (almost?) as |
| 37 |
clear text through the network. |
| 38 |
|
| 39 |
HTH |
| 40 |
Jose |
Archives