ldap and passwords

[David Bear]

I'm a little confused regarding ldap support.  If samba uses ldap to
authenticate, does ldap have to be configured to store password hashes?
As I understand the password issue, only  one way hashes are sent over the
wire.  So the authenticating server either has to know the original plain
text password, or store the hash.  The whole issue with having to create
the additional smbpasswd file was related here correct? 

Now as far as I understood ldap, I thought it was a directory spec to
enable access to x500 like hierarchical directories.  So, I can see where
ldap nodes -- end points -- could provide a directory of user names --
userid.  But how does one store smbpasswords there?  and how would one
update the smbpassword?

This is important to me at ASU because we have a kerberos infrastructure
in place -- and they are just creating the ldap infrastructure.  So, to
mee I need to see if (1) ldap can be configure to help me with smb
passwords, or (2) if kerberos is the way to go -- or (3) if ldap would
provide some kind of gateway to kerberos principals?? Now I'm talking way
out of my realm...

David Bear
College of Public Programs/ASU
A word is just two nibbles and a byte...