Getting OpenLDAP to auth users against sambaNTPassword
Andrew Bartlett
abartlet at samba.org
Thu Jun 19 10:21:20 GMT 2003
On Thu, 2003-06-19 at 19:45, Volker Lendecke wrote:
> On Thu, Jun 19, 2003 at 07:00:45PM +1000, Andrew Bartlett wrote:
> > - We can't do an LDAP bind the authenticate the user, even to an
> > NTLMSSP aware server.
>
> Just curious: Wouldn't it be possible to implement the protocol ideas we use
> against a NT DC in LDAP extensions? Or simply use SSL and send our chosen
> challenge to the LDAP server along with the bind request?
We could write an auth plugin to do it, certainly. We still need part
of the LM hash for some of the password change stuff, but that was one
of the ideas behind the auth subsystem.
To act as a DC however, we need to be able to specify the challenge and
response, as you note. I'm not sure it gains us anything, but we
certainly could do it.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030619/fd56c593/attachment.bin
More information about the samba-technical
mailing list