NTLMSSP/GSSAPI and Heimdal, the new NTLMSSP interface
Andrew Bartlett
abartlet at pcug.org.au
Thu Nov 15 16:43:53 GMT 2001
Luke Howard wrote:
>
> >Where can I get details about the XAD stuff? It looks like it maps on
> >much of my work quite nicly.
>
> http://dcerpc.net/. XAD is not an open source project, however
> (although components of it are).
Pity...
Is the password update plugin available?
> >I was going to try and do kerberos authenticated LDAP (ie no
> >userPassword). Is this actually doable? The other thing I need to
> >look into is adding a Digest-MD5 password to the mix, for HTTP
> >authentication, but thats another story...
>
> Yes, this is doable with OpenLDAP + Cyrus SASL (or iPlanet +
> commercial software).
Good, I saw a HOWTO on it at one stage, I guess it is time to chase it
up agian.
> >One of the things I wanted to avoid was the Samba side of things
> >directly setting/reading the keys - I wanted to put them on a sperate
> >(secure) server if possible.
>
> I don't think you can shoe-horn NTLM authentication into Kerberos
> (just trying to get my head around that :-)).
I can try :-)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list