
LDAP vs Kerberos

sara2000 asked
Microsoft has recently announced that it is going to disable LDAP based on the link below.
https://evotec.xyz/four-commands-to-help-you-track-down-insecure-ldap-bindings-before-march-2020/
We configured AD's Windows authentication as the identity source on the vCenter. My understanding is that Windows authentication uses Kerberos, not LDAP. Security is not my strength.
Should we have to change it to AD over LDAPS?

Senior Systems Admin
Top Expert 2010
Commented:

They aren't disabling LDAP. Just insecure methods of connecting. This basically means that unencrypted sign in using basic authentication and a few other techniques will no longer work. 

Windows authentication does use Kerberos, but understand that the connecting computer needs to be part of the domain for this to work. Kerberos doesn't work with non-domain systems. LDAPS is fine for most situations, just note that the certificate will need to be completely valid for connections to work in the future. That means self-signed certificates need to be trusted by client systems before LDAP binding over LDAPS will work.
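
Added example, not part of the original thread: a PowerShell function that summarizes which clients still perform the insecure binds discussed above, based on event ID 2889 in a domain controller's Directory Service log. The function name `Get-InsecureLdapBindSummary`, the helper `New-SampleEvent`, and all sample addresses and accounts are constructed for illustration.

```powershell
# Event 2889 properties: [0] client IP:port, [1] identity used for the bind,
# [2] bind type (0 = SASL bind without signing, 1 = simple bind over clear text).
# A DC only logs 2889 when "LDAP Interface Events" diagnostics is set to 2 or higher.
function Get-InsecureLdapBindSummary {
    param([Parameter(Mandatory)] [object[]] $Events)

    $rows = foreach ($e in $Events) {
        $bind = switch ([int]$e.Properties[2].Value) {
            0       { 'SASL bind without signing' }
            1       { 'Simple bind over clear text' }
            default { "Unknown ($_)" }
        }
        [pscustomobject]@{
            # Strip the trailing :port so repeated connections group together
            ClientIP = ([string]$e.Properties[0].Value) -replace ':\d+$', ''
            Identity = [string]$e.Properties[1].Value
            BindType = $bind
        }
    }

    # One output row per distinct client / account / bind type, busiest first
    $rows | Group-Object ClientIP, Identity, BindType | ForEach-Object {
        [pscustomobject]@{
            ClientIP = $_.Group[0].ClientIP
            Identity = $_.Group[0].Identity
            BindType = $_.Group[0].BindType
            Count    = $_.Count
        }
    } | Sort-Object Count -Descending
}

# Constructed sample records shaped like the objects Get-WinEvent returns
function New-SampleEvent($IpPort, $User, $Type) {
    $props = $IpPort, $User, $Type | ForEach-Object { [pscustomobject]@{ Value = $_ } }
    [pscustomobject]@{ Id = 2889; Properties = @($props) }
}
$sample = @(
    New-SampleEvent '192.0.2.10:51544' 'EXAMPLE\svc-vcenter' 1
    New-SampleEvent '192.0.2.10:51610' 'EXAMPLE\svc-vcenter' 1
    New-SampleEvent '192.0.2.25:49822' 'EXAMPLE\svc-printer' 0
)
Get-InsecureLdapBindSummary -Events $sample | Format-Table -AutoSize

# On a domain controller, feed it real events instead of the sample:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 }
# Get-InsecureLdapBindSummary -Events $live
```

If the vCenter server's address does not appear in this summary while logging is enabled, its identity source is not among the clients making unsigned or clear-text binds.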

Author

Commented:
Is Kerberos as secure as LDAPS?
Adam Brown, Senior Systems Admin
Top Expert 2010

Commented:

Kerberos is just an authentication mechanism. It's a way of securely transmitting credentials. LDAPS is a directory protocol used by AD.