Kerberos vs. LDAP for authentication -- which one is more secure
Can anyone describe/outline the relative merits of using Kerberos or LDAP for authentication in a large heterogeneous environment?
Can we switch between them transparently?
In what context are you looking to use Kerberos/LDAP auth? Is it for a web app, client app, etc.?
Authenticating client computers over a domain, for different services and resources access.
Where possible use Kerberos authentication above all else. It was built for providing authentication/authorization and is the most secure option. The whole premise is to exchange credentials in an environment that isn't trusted.
LDAP can be easily misconfigured to send credentials in clear text over the network. An easy way to prevent this is to always use LDAPS (TCP 636), as it encapsulates all traffic in SSL. LDAP is often used for ad hoc authentication/authorization, especially by web applications using forms authentication.