LDAP samdb and "ldap ssl" (fwd)

Gerald (Jerry) Carter jerry at samba.org
Thu Jan 3 08:14:02 GMT 2002


On Thu, 3 Jan 2002, Steve Langasek wrote:

> On Thu, Jan 03, 2002 at 10:20:08PM +1100, Andrew Bartlett wrote:
>
> > On a similar matter, how about allowing the use of kerberos
> > authentication?  We could use much of the code currently being used for
> > ADS support to allow Samba to do a kerberos authenticated bind to the
> > LDAP server.
>
> > We might need to teach smbd how to use /etc/krb5.keytab again, but it
> > doesn't look that hard to do.
>
> > How does this sound?
>
> In case it helps sway opinion on the question, I'll mention that using
> the GSSAPI auth mechanism for SASL LDAP will normally get you an
> encrypted connection to boot (usually only DES, but it's better than
> plaintext).

I'll work on this, but it will come later.  I want to get the
LDAP out of the "expiriemental" stage first and stable.  This is a feature
for round 2.





chau, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--





More information about the samba-technical mailing list