LDAP samdb and "ldap ssl" (fwd)

Steve Langasek vorlon at netexpress.net
Thu Jan 3 07:33:08 GMT 2002


On Thu, Jan 03, 2002 at 10:20:08PM +1100, Andrew Bartlett wrote:

> On a similar matter, how about allowing the use of kerberos
> authentication?  We could use much of the code currently being used for
> ADS support to allow Samba to do a kerberos authenticated bind to the
> LDAP server.  

> We might need to teach smbd how to use /etc/krb5.keytab again, but it
> doesn't look that hard to do.

> How does this sound?

In case it helps sway opinion on the question, I'll mention that using 
the GSSAPI auth mechanism for SASL LDAP will normally get you an 
encrypted connection to boot (usually only DES, but it's better than 
plaintext).

Cheers,
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020103/db3f9436/attachment.bin


More information about the samba-technical mailing list