[PATCH] Add support for SASL EXTERNAL to libads
Luke Howard
lukeh at PADL.COM
Mon Jun 9 04:47:59 GMT 2003
>Well, I think it is a useful patch, as we move to using libads for our
>passdb code. SASL allows the client to chose which mechanism to use
>first, doesn't it? This should allow us to express a preference order
>in the SASL table, and therefore allow this... (possibly enabled by
>this flag - indeed we could do PLAIN SASL the same way...)
Yes, you could choose which SASL mechanism to use based on:
- The mechanisms the server supports (as is the case presently)
- Application mechanism preferences (auth.flags)
- Configuration mechanism preferences (mechanism order in smb.conf)
- Application security strength preferences (does the mechanism
support integrity? privacy? with what bit length?)
- Configuration security strength preferences (minimum acceptable
strength in smb.conf)
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
More information about the samba-technical
mailing list