[PATCH] security hole in Samba 3.0 start tls handling

Gerald (Jerry) Carter jerry at samba.org
Fri Nov 1 14:49:01 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Oct 2002, Andrew Bartlett wrote:

> > No, no more than you can indicate SASL preferences in a URL.  You
> > *could* embed this information in a URI string, but there would be
> > nothing particularly standard about this, and the LDAP libraries are
> > unlikely to understand them -- so Samba will still have to parse these
> > components out of the URL and handle them directly.
> 
> That's fine then - but you can put quite a bit in that URL.  (Like bind
> dn, search suffix and quite a few other things).

No.  Having a non-standard LDAP URI would be a bad thing.  Too confusing 
to administer.  Please do not do this.  Find another way to 
specify start tls than extending the LDAP URI format (unless you want to
get it through the LDAPbis WG).




cheers, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard           ------------------------- http://www.hp.com
 SAMBA Team                ---------------------- http://www.samba.org
 GnuPG Key                 ---- http://www.plainjoe.org/gpg_public.asc
 ISBN 0-672-32269-2        "SAMS Teach Yourself Samba in 24 Hours" 2ed
 "I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE9wpQ3IR7qMdg1EfYRApvyAKDIFf3/C52iVoGLf/IyVr74wBUUVwCbBLM5
NV9aX4EAjBjkwrV45hhW5WA=
=gqPS
-----END PGP SIGNATURE-----



