[PATCH] security hole in Samba 3.0 start tls handling
abartlet at samba.org
Fri Nov 1 21:48:01 GMT 2002
"Gerald (Jerry) Carter" wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Wed, 30 Oct 2002, Andrew Bartlett wrote:
> > > No, no more than you can indicate SASL preferences in a URL. You
> > > *could* embed this information in a URI string, but there would be
> > > nothing particularly standard about this, and the LDAP libraries are
> > > unlikely to understand them -- so Samba will still have to parse these
> > > components out of the URL and handle them directly.
> > That's fine then - but you can put quite a bit in that URL. (Like bind
> > dn, search suffix and quite a few other things).
> No. Having a non-standard LDAP URI would be a bad thing. Too confusing
> to administer. Please do not do this. Find another way to
> specifiy start tls that extending the LDAP URI format (unless you want to
> get it through the LDAPbis WG).
Actually, that was my point.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical