On 11/05/2018 02:43 PM, Ben Greenfield via TUHS wrote:
> I found that I had to do all of this using SASL.

At first read I was thinking "SASL? Really?". Then I remembered that Simple Authentication and Security Layer is really just an abstraction layer. An abstraction layer that very easily could have (but I don't know one way or the other) a back end to Kerberos.

> I remember it as SASL would handle the kerberization during boot up
> getting tickets for each LDAP entry that you wanted mapped to a service
> on that client.

Hum.

> I could be wrong but I think SASL seems to be a way to connect services on
> Linux with LDAP that are served kerberized.

I've always viewed SASL as a way for applications to outsource the authentication / security so that the program code didn't need to worry about it. It also allowed SASL to manage supporting all the different back end security methods.

I also think much the same about PAM. - In fact, I don't think I could properly differentiate between PAM and SASL.

--
Grant. . . .
unix || die