[PATCH] Add support for SASL EXTERNAL to libads

Luke Howard lukeh at PADL.COM
Mon Jun 9 04:47:59 GMT 2003

>Well, I think it is a useful patch, as we move to using libads for our
>passdb code.  SASL allows the client to chose which mechanism to use
>first, doesn't it?  This should allow us to express a preference order
>in the SASL table, and therefore allow this...  (possibly enabled by
>this flag - indeed we could do PLAIN SASL the same way...)

Yes, you could choose which SASL mechanism to use based on:

- The mechanisms the server supports (as is the case presently)

- Application mechanism preferences (auth.flags)

- Configuration mechanism preferences (mechanism order in smb.conf)

- Application security strength preferences (does the mechanism
  support integrity? privacy? with what bit length?)

- Configuration security strength preferences (minimum acceptable
  strength in smb.conf)

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com

More information about the samba-technical mailing list