[SAMBA4] Add 'allowed mechs' to the credentials system?
Andrew Bartlett
abartlet at samba.org
Wed Sep 28 06:41:42 GMT 2005
Is the credentials system the right place to hook in an 'allowed
mechanisms' filter?
I'm looking into enabling kerberos testing on the build farm, and need a
way to put back something similar to the '-k' switch I removed.
Likewise, I want to be able to control NTLMSSP and Kerberos selection
(along with potentially other mechanisms, such as those from SASL) from
the command line, so I can test with the various mechs in place.
OpenLDAP uses the -Y option for this, in ldapsearch etc.
The reason I'm suggesting the credentials system (rather than globally)
is that this is tied to a particular set of username/password, and
therefore we can say 'machine accounts only use Kerberos' (valid until
JRA's recent work), while allowing different policies within the same
process.
I am mindful of the fact that the credentials system is becoming a
kitchen sink, and I'll happily discuss better ways to partition this
info, but for now it seems the best option.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050928/7ea6f63c/attachment.bin
More information about the samba-technical
mailing list