2006/1/13, John Jolet <john@×××××.net>:
>
>
> On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote:
>
> > thanks. I believe I am starting to understand this.
> >
> > I was seeing that ldap can authenticate in a lot of types, like
> > databases, files, and PAM do some things like that too.... or am I
> > wrong?
> >
> as far as I know you are wrong. ldap is an authentication
> mechanism. it stores usernames, passwords, and much more.
>
|
LDAP is *not* an authentication mechanism. LDAP stands for Lightweight
Directory Access Protocol, so LDAP is a protocol you use to access data
stored in a structured way, called a directory. An LDAP directory is a
directory that may be accessed using LDAP. An LDAP server is a server that
serves its data using LDAP. LDAP servers are used for a lot of things, and
two of them may be single sign on or centralized authentication (they are
different although related things).
|
To access data in a directory you may have to authenticate to access the
data. This authentication can be done in several ways, and one of them is
called simple bind: in this case you provide a path to locate an object in
the directory and a password and the server "compares" the password provided
with the password stored in the specified object. IIRC the PAM-LDAP module
uses simple bind to authenticate a user trying to gain access to the
system. That is, the PAM module takes the provided user and password and
tries to authenticate itself against the LDAP server using the simple bind
mechanism, translating the user into a path to locate the object
representing that user in the directory.
|
BIG WARNING: Don't do this unless you're using simple bind over
SSL-protected connections, unless you want your passwords to travel
(almost?) as clear text through the network.
|
HTH
Jose
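
An added example, not part of the original message: the simple bind described above, BER-encoded by hand following RFC 4511, showing that the password sits verbatim in the request unless the connection is wrapped in TLS. The base DN `ou=People,dc=example,dc=org`, the user name, the password and all function names are constructed for illustration.

```python
# Added example: hand-encode an LDAPv3 simple BindRequest (RFC 4511) to see
# what goes on the wire. Base DN, user and password are constructed values.
import re
from urllib.parse import urlparse

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n: int) -> bytes:
    # Non-negative only; the extra byte keeps the sign bit clear (128 -> 00 80).
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def user_to_dn(user: str, base: str = "ou=People,dc=example,dc=org") -> str:
    """Translate a login name into a directory path (DN); layout is assumed."""
    if not re.fullmatch(r"[a-z_][a-z0-9_.-]*", user):
        raise ValueError("login name contains characters not allowed in a DN value")
    return f"uid={user},{base}"

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    # 0x60 = [APPLICATION 0] BindRequest, 0x04 = OCTET STRING (the DN),
    # 0x80 = context tag [0] "simple": the password as raw octets.
    body = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, body))

def transport_protects_password(uri: str, start_tls: bool = False) -> bool:
    """True only when the bind travels inside TLS (ldaps:// or StartTLS)."""
    scheme = urlparse(uri).scheme.lower()
    return scheme == "ldaps" or (scheme == "ldap" and start_tls)

if __name__ == "__main__":
    pdu = simple_bind_request(1, user_to_dn("allan"), "s3cret-constructed")
    print(pdu.hex(" "))
    print("password readable in PDU:", b"s3cret-constructed" in pdu)
    print("ldap://  protected:", transport_protects_password("ldap://dir.example.org"))
    print("ldaps:// protected:", transport_protects_password("ldaps://dir.example.org"))
```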