A Warm Welcome to Francis's Blog =D

9 Jan 2012

LDAP Security Feature

LDAP

What is LDAP?

LDAP is the Lightweight Directory Access Protocol. It defines the "language" that client programs use to talk to servers (and servers to servers, too). On the client side, a client may be an email program, a printer browser, or an address book. The server may speak only LDAP, or have other methods of sending and receiving data; LDAP may just be an add-on method.

Security Feature

  • Kerberos Authentication

Kerberos is an open-standard authentication system, generally used with password-based authentication. It is widely deployed, in particular as the default Windows authentication mechanism. A key feature of Kerberos is its use of "tickets" to retain authentication information, so that users do not have to enter a username and password for each network application they use; this is known as Single Sign-On (SSO).

Kerberos is an authentication service commonly used to authenticate the user of an application client (such as an email client) to an application server (such as an email server) by using "tickets" obtained from a trusted third-party "Kerberos" server.

  • SASL Authentication

SASL (Simple Authentication and Security Layer) is a set of Internet standards for LDAP client authentication, enabling a wide range of password-based authentication mechanisms. The Isode SASL implementation supports a number of authentication mechanisms, giving authentication flexibility. SASL also enables authentication using simple string names (as opposed to directory names), which is convenient for applications using directory-based authentication.
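
An LDAP server advertises the SASL mechanisms it accepts in the root DSE attribute `supportedSASLMechanisms`, and Kerberos appears there as the `GSSAPI` mechanism. The following Python is an added example (not from the original post or from Isode) that parses a constructed LDIF dump and classifies each mechanism by how it handles the password; the sample data, function names and category labels are assumptions for illustration.

```python
import base64

# Constructed root DSE dump in LDIF form (not taken from a real server).
SAMPLE_ROOT_DSE = """\
dn:
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms:: UExBSU4=
supportedSASLMechanisms: SCRAM-
 SHA-256
"""

def ldif_values(ldif, attr):
    """Return every value of `attr` in an LDIF entry (folded lines, base64)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # LDIF folding: continuation line
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if rest.startswith(":"):            # "attr:: value" is base64-encoded
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def classify_mechanisms(ldif, tls_required):
    """Map each advertised SASL mechanism to how it handles the password."""
    result = {}
    for mech in ldif_values(ldif, "supportedSASLMechanisms"):
        name = mech.upper()
        if name == "GSSAPI":                # Kerberos: a ticket is presented
            result[name] = "kerberos-ticket"
        elif name.startswith("SCRAM-"):
            result[name] = "salted-challenge-response"
        elif name in ("DIGEST-MD5", "CRAM-MD5"):
            result[name] = "md5-challenge-response"
        elif name in ("PLAIN", "LOGIN"):    # password itself crosses the wire
            result[name] = "cleartext-inside-tls" if tls_required else "cleartext-password"
        else:
            result[name] = "unclassified"
    return result
```

On a live directory the same attribute is read with a base-scope search of the root DSE (empty base DN), and the `tls_required` argument should reflect whether the server refuses binds on unencrypted connections.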


http://www.isode.com/products/m-vault-security.html
http://www.isode.com/whitepapers/kerberos.html
http://www.gracion.com/server/whatldap.html

2 comments:

  1. Hi Francis, after reading your blog post, I find it easy to understand the logic of LDAP. Furthermore, the image is rather simple to understand. I would love to see more pictures to explain though. The security features of LDAP could be further explained, like for example, how many authentication mechanisms can be supported by SASL. With a video, it would be easier to allow readers on the blog to understand LDAP. Having said that, I still find this blog post very good as it simplifies what LDAP is all about.

    Derrick
    1004000D

  2. Hi Francis, I enjoyed reading your post. I find this post to be in-depth. The information provided was accurate. The background information you have provided gives me a quick understanding about LDAP. Maybe you can explain more on what ticket granting is about. I would like to see the diagram being explained as it will help the readers to easily know more about how LDAP works. Although the image shows clearly how Kerberos Authentication works, it will be better if the readers are able to know more about the logic behind it. It will be great if you could add some videos or even explain the diagram further. It will be useful for the reader. Good post! =D

    Ng Yian Hock
    1005984H
