password API needed

Jean-Francois Micouleau Jean-Francois.Micouleau at
Tue May 12 21:07:29 GMT 1998

On Tue, 12 May 1998, Luke Kenneth Casson Leighton wrote:

> > You have to make the distinction between users and trusts accounts.
> why?  not in my book you don't, and not in an NT SAM you don't.  trust
> accounts _are_ SAM users, but just with a different ACB_xxxx value.

your book ? You found good books on microsoft #]}]&~i" protocols ?

I mean with trust accounts you don't care about unix password
synchronization. Those have to be totally hidden from the user/admin side.

> > I don't like it, I prefer to follow RFC2037.
> wossat, then?  what's that say (in a nutshell)

I said I prefer to store the password as proposed in RFC 2037, cause NT5
schema is not stable right now. We can take a look at NT5 schema (to know
how it looks like) but I'm sure it's not the definitive one that will be
in the shipping version of NT5.

> then we will have to invent / use what microsoft does, which is to
> obfuscate with a long-term session key.

It's in the case where you want to store clear text password. If you want
to obfuscate, you need to patch slapd, humm.
I should look on critical angle repository web server, there was something

Is there any ldap guru on this list ?

	Jean Francois

Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
	try to install Windows NT !"

More information about the samba-technical mailing list