password API needed

Luke Kenneth Casson Leighton lkcl at
Wed May 13 12:28:37 GMT 1998

On Wed, 13 May 1998, Jean-Francois Micouleau wrote:

> On Tue, 12 May 1998, Luke Kenneth Casson Leighton wrote:
> > > You have to make the distinction between users and trusts accounts.
> > 
> > why?  not in my book you don't, and not in an NT SAM you don't.  trust
> > accounts _are_ SAM users, but just with a different ACB_xxxx value.
> your book ? You found good books on microsoft #]}]&~i" protocols ?
> I mean with trust accounts you don't care about unix password
> synchronization.

correct, and something i hadn't thought about at all, and hadn't thought
that someone else would consider it.

> > > I don't like it, I prefer to follow RFC2037.
> > wossat, then?  what's that say (in a nutshell)
> I said I prefer to store the password as proposed in RFC 2037, cause NT5
> schema is not stable right now.

that's what mark's already done with his ldap system - see

> We can take a look at NT5 schema (to know
> how it looks like) but I'm sure it's not the definitive one that will be
> in the shipping version of NT5.
> > then we will have to invent / use what microsoft does, which is to
> > obfuscate with a long-term session key.
> It's in the case where you want to store clear text password. If you want
> to obfuscate, you need to patch slapd, humm.
> I should look on critical angle repository web server, there was something
> there.
> Is there any ldap guru on this list ?

calling all ldap gurus!  calling all ldap gurus!  please subscribe to
samba-technical at and help us out!

luke (samba team)

More information about the samba-technical mailing list