Kerberos vs LDAP - Which is more secure for authentication?

Asked by AlisonKelly in Cyber Security, Apr 6, 2022

Can you describe/outline the relative merits of using Kerberos or LDAP for authentication in a large heterogeneous environment?

And can we switch between them transparently?

Answered by Amit Sinha

Kerberos vs LDAP

  • LDAP authentication is centralised authentication, meaning you have to log in with every service, but if you change your password it changes everywhere.
  • Kerberos is single sign-on (SSO), meaning you log in once and get a token and don't need to log in to other services.
  • There's a trade-off: LDAP is less convenient but simpler. Kerberos is more convenient but more complex. Secure things are simple and convenient.
  • There's no right answer. If you need SSO, use Kerberos. Else LDAP. You could also consider YP/NIS (over IPSEC) for centralised authn.
  • The fact that the OpenBSD security hawks dropped Kerberos but made their own LDAP server might tell you something...

Can we switch between them transparently?

  • No, you cannot. Well, maybe you can with PAM. But your users will notice.
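A constructed toy model, added here to illustrate the trust difference the answer describes; it is not the Kerberos or LDAP wire protocol and not code from the poster. Assumptions: a PBKDF2-verified `Directory` stands in for the LDAP server, a single HMAC-authenticated ticket per service stands in for the TGT/service-ticket exchange (no encryption, no mutual authentication), and the class and user names are invented. It shows the consequence of each design: with per-service bind every service handles the cleartext password and a password change bites immediately, whereas with SSO only the KDC sees the password but a ticket already issued stays valid until it expires.

```python
"""Constructed toy model contrasting per-service password checks (LDAP simple
bind style) with ticket-based SSO (Kerberos style). Not the real protocols."""
import hashlib
import hmac
import os
import secrets
import time


def make_verifier(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 verifier so the directory never stores the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Directory:
    """Stands in for the LDAP directory: one salted verifier per user."""

    def __init__(self):
        self._users = {}

    def set_password(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, make_verifier(password, salt))

    def bind(self, name, password):
        """LDAP-style simple bind: succeeds only with the current password."""
        entry = self._users.get(name)
        if entry is None:
            return False
        salt, verifier = entry
        return hmac.compare_digest(make_verifier(password, salt), verifier)


class LdapService:
    """Binds to the directory on every login, so it handles the cleartext
    password itself; passwords_seen records that exposure point."""

    def __init__(self, name, directory):
        self.name = name
        self.directory = directory
        self.passwords_seen = []

    def login(self, user, password):
        self.passwords_seen.append(password)
        return self.directory.bind(user, password)


class Kdc:
    """Stands in for the KDC: checks the password once, issues tickets that
    are MACed with a key shared only with the target service (simplified)."""

    def __init__(self, directory, lifetime=8 * 3600):
        self.directory = directory
        self.lifetime = lifetime
        self.service_keys = {}

    def register_service(self, name):
        self.service_keys[name] = secrets.token_bytes(32)
        return self.service_keys[name]

    def issue_ticket(self, user, password, service, now=None):
        if not self.directory.bind(user, password):
            return None
        now = time.time() if now is None else now
        body = f"{user}|{service}|{int(now + self.lifetime)}".encode()
        return body, hmac.new(self.service_keys[service], body, "sha256").digest()


class KerberosService:
    """Verifies a ticket with its own key; it never sees a password."""

    def __init__(self, name, key):
        self.name = name
        self.key = key

    def accept(self, ticket, now=None):
        body, mac = ticket
        if not hmac.compare_digest(hmac.new(self.key, body, "sha256").digest(), mac):
            return None
        user, service, expiry = body.decode().split("|")
        now = time.time() if now is None else now
        if service != self.name or now > int(expiry):
            return None
        return user


def demo():
    """Runs both models through a login, a password change and ticket expiry."""
    directory = Directory()
    directory.set_password("alice", "correct horse")  # constructed user
    t0 = 1_000_000.0

    # LDAP style: every service receives and forwards the password.
    mail, files = LdapService("mail", directory), LdapService("files", directory)
    ldap_ok = mail.login("alice", "correct horse") and files.login("alice", "correct horse")
    exposed = sum(1 for s in (mail, files) if s.passwords_seen)

    # Kerberos style: the password goes to the KDC only; services check tickets.
    kdc = Kdc(directory)
    web = KerberosService("web", kdc.register_service("web"))
    ticket = kdc.issue_ticket("alice", "correct horse", "web", now=t0)

    # Password change: immediate for bind, but the issued ticket outlives it.
    directory.set_password("alice", "new passphrase")
    return {
        "ldap_login_ok": ldap_ok,
        "services_that_saw_password": exposed,
        "sso_user": web.accept(ticket, now=t0 + 60),
        "ldap_old_password_after_change": mail.login("alice", "correct horse"),
        "ticket_after_password_change": web.accept(ticket, now=t0 + 3600),
        "ticket_after_expiry": web.accept(ticket, now=t0 + kdc.lifetime + 1),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `ticket_after_password_change` result is the caveat behind "if you change your password it changes everywhere": with bind-per-service that is true at once, while with ticket SSO a revoked credential keeps working until the ticket lifetime runs out, which is why short lifetimes and renewal matter in a Kerberos deployment.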
