[PATCH] security hole in Samba 3.0 start tls handling

Andrew Bartlett abartlet at samba.org
Fri Nov 1 21:48:01 GMT 2002

"Gerald (Jerry) Carter" wrote:
> Hash: SHA1
> On Wed, 30 Oct 2002, Andrew Bartlett wrote:
> > > No, no more than you can indicate SASL preferences in a URL.  You
> > > *could* embed this information in a URI string, but there would be
> > > nothing particularly standard about this, and the LDAP libraries are
> > > unlikely to understand them -- so Samba will still have to parse these
> > > components out of the URL and handle them directly.
> >
> > That's fine then - but you can put quite a bit in that URL.  (Like bind
> > dn, search suffix and quite a few other things).
> No.  Having a non-standard LDAP URI would be a bad thing.  Too confusing
> to administer.  Please do not do this.  Find another way to
> specifiy start tls that extending the LDAP URI format (unless you want to
> get it through the LDAPbis WG).

Actually, that was my point.  

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list