speedy zinc wrote: >Hi, > >I've read the white paper "Red Hat Identity Management >and Security Solutions", and on page 13, it said that >Red Hat Directory Server supports a variety of >authentication standards and technologies, including: > >- ... >- Kerberos tickets via SASL/GSSAPI >- ... > >What does that exactly mean? Does that mean RHDS can >issue kerberos ticket out of the box? > No. >Or does that >mean I need to setup a kerberos server and use RHDS as >the backend for user information? > > Yes. When you use kinit to acquire your ticket, you can use that ticket to authenticate to the directory server. >And this one: >- Impersonation (proxy) for multi-tier client >applications. > >Could someone explain what does it mean and how can it >be used? > > Sure. This is most often used with web apps or other apps that set up a pool of connections to the directory server. Each connection in the pool is bound as a proxy user. When a real user wants to authenticate, the proxy connection passes the real user's bind credentials to the directory server using the proxy auth control. >Thanks a lot > >sz > > > > >__________________________________ >Yahoo! Music Unlimited >Access over 1 million songs. Try it free. >http://music.yahoo.com/unlimited/ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20051017/df57ed9c/attachment.bin
