NTLMSSP/GSSAPI and Heimdal, the new NTLMSSP interface
Luke Howard
lukeh at PADL.COM
Thu Nov 15 16:20:01 GMT 2001
>Where can I get details about the XAD stuff? It looks like it maps on
>much of my work quite nicly.
http://dcerpc.net/. XAD is not an open source project, however
(although components of it are).
>I was going to try and do kerberos authenticated LDAP (ie no
>userPassword). Is this actually doable? The other thing I need to
>look into is adding a Digest-MD5 password to the mix, for HTTP
>authentication, but thats another story...
Yes, this is doable with OpenLDAP + Cyrus SASL (or iPlanet +
commercial software).
>One of the things I wanted to avoid was the Samba side of things
>directly setting/reading the keys - I wanted to put them on a sperate
>(secure) server if possible.
I don't think you can shoe-horn NTLM authentication into Kerberos
(just trying to get my head around that :-)).
-- Luke
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
More information about the samba-technical
mailing list