NTLMSSP/GSSAPI and Heimdal, the new NTLMSSP interface

Luke Howard lukeh at PADL.COM
Thu Nov 15 16:20:01 GMT 2001

>Where can I get details about the XAD stuff?  It looks like it maps on
>much of my work quite nicely.

http://dcerpc.net/. XAD is not an open source project, however
(although components of it are).

>I was going to try and do Kerberos authenticated LDAP (i.e. no
>userPassword).  Is this actually doable?   The other thing I need to
>look into is adding a Digest-MD5 password to the mix, for HTTP
>authentication, but that's another story...

Yes, this is doable with OpenLDAP + Cyrus SASL (or iPlanet + 
commercial software).

>One of the things I wanted to avoid was the Samba side of things
>directly setting/reading the keys - I wanted to put them on a separate
>(secure) server if possible.

I don't think you can shoe-horn NTLM authentication into Kerberos
(just trying to get my head around that :-)).

-- Luke

Luke Howard | lukehoward.com
PADL Software | www.padl.com
