NTLMSSP/GSSAPI and Heimdal, the new NTLMSSP interface

Andrew Bartlett abartlet at pcug.org.au
Thu Nov 15 16:43:53 GMT 2001

Luke Howard wrote:
> >Where can I get details about the XAD stuff?  It looks like it maps on
> >much of my work quite nicly.
> http://dcerpc.net/. XAD is not an open source project, however
> (although components of it are).


Is the password update plugin available?  

> >I was going to try and do kerberos authenticated LDAP (ie no
> >userPassword).  Is this actually doable?   The other thing I need to
> >look into is adding a Digest-MD5 password to the mix, for HTTP
> >authentication, but thats another story...
> Yes, this is doable with OpenLDAP + Cyrus SASL (or iPlanet +
> commercial software).

Good, I saw a HOWTO on it at one stage, I guess it is time to chase it
up agian.  
> >One of the things I wanted to avoid was the Samba side of things
> >directly setting/reading the keys - I wanted to put them on a sperate
> >(secure) server if possible.
> I don't think you can shoe-horn NTLM authentication into Kerberos
> (just trying to get my head around that :-)).

I can try :-)

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list