svn commit: lorikeet r106 - in trunk/samba4-ad-thesis: .

abartlet at samba.org abartlet at samba.org
Tue Oct 26 22:18:56 GMT 2004 

Author: abartlet
Date: 2004-10-26 22:18:56 +0000 (Tue, 26 Oct 2004)
New Revision: 106

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/samba4-ad-thesis&rev=106&nolog=1

Log:
Fix the other 'invisible footnote' (crh's credit) and clarify how we
store and use passwords, from comments by G?\195?\169mes G?\195?\169za
<geza at kzsdabas.sulinet.hu>.

Andrew Bartlett


Modified:
   trunk/samba4-ad-thesis/chapters.lyx


Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx
===================================================================
--- trunk/samba4-ad-thesis/chapters.lyx	2004-10-26 12:27:18 UTC (rev 105)
+++ trunk/samba4-ad-thesis/chapters.lyx	2004-10-26 22:18:56 UTC (rev 106)
@@ -936,24 +936,19 @@
  It keeps track of the common authentication database that is shared by
  the SMB servers in the Domain.
  The SMB servers query the DC when a client requests access to SMB services.
- 
-\begin_inset Foot
-collapsed false
-
-\layout Standard
-
-Image and text (c) Chris Hertel
+ (Image and text (c) Chris Hertel
 \begin_inset LatexCommand \citep{hertel}
 
 \end_inset 
 
-, http://www.ubiqx.org/cifs/figures/smb-15.html
+, 
+\family typewriter 
+http://www.ubiqx.org/cifs/figures/smb-15.html
+\family default 
+)
 \end_inset 
 
 
-\end_inset 
-
-
 \layout Standard
 
 For an authentication system to be secure, it must be possible to trust
@@ -3299,10 +3294,15 @@
 
 A few aspects of the hdb-ldb development created problems, due to the structure
  and assumptions in the original Heimdal code.
- In particular, hdb-ldb is unique in Heimdal in that it contains plain-text
+ In particular, hdb-ldb is unique in Heimdal in that it may contain plain-text
  passwords, not the hashed encryption keys.
- This required a minor code restructure, that has not been included by Heimdal's
- developers into current snapshots.
+ Storing the plaintext password is required when the `store password with
+ reversable encryption' flag is set, and doing so by default has allowed
+ easier initial development.
+ In this case, we `hash' the passwords on the fly, but we can also store
+ the pre-hashed password if the plaintext is not available.
+ These requirements required a minor code restructure, that has now been
+ included by Heimdal's developers into current snapshots.
 \layout Subsection
 
 No PAC at this stage

More information about the samba-cvs mailing list