6. Using LDAP as a security tool
LDAP is a directory. Very often, entries contain not only user IDs, but also passwords. So it quickly became apparent that using a directory to set up a security system to control access to a wide range of applications would be an interesting option.
There are many, many uses in this field. We are therefore presenting only a limited number of them.
6.1 Key distribution server (Kerberos)
A Kerberos server [37] [38] needs to be able to access a database containing the identifiers and keys of the various users ("principals" in Kerberos terminology). This database can be based on an LDAP directory, which will then contain, for each user in the Kerberos domain, the data required for ticket distribution.
The MIT and...
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Using LDAP as a security tool
Conclusion
Bibliography
Appendix: configuration files
The configuration files presented here can be used to build a variety of simple certificates, enabling you to quickly set up a TLS connection as part of an LDAP server. These files are provided as examples only.
For more information on the structure of OpenSSL configuration files, see .
1 - root-ca-cert.cnf
This configuration file...
The Ultimate Scientific and Technical Reference
