Integrate Heimdal's hdb-ldap and Samba
Andrew Bartlett
abartlet at samba.org
Sun Feb 29 05:07:46 GMT 2004
On Sun, 2004-02-29 at 15:44, Love wrote:
> Andrew Bartlett <abartlet at samba.org> writes:
>
> > I realise it is not indented per the rest of heimdal (that was not a big
> > concern when creating it :-), but I'll happily re-indent if you can give
> > me your preferred indent command line.
> >
> > Is this something that is of interest to Heimdal?
>
> Yes, they are. The only thing I find a problem right now is that you change
> HDBEntry and that can't really be done in a backward compatible manner (i.e.
> running different major versions of the kdc in the same realm). The idea we
> have is that we should have a CHOICE (or something to that effect).
Oops - I'll need to learn a bit more about how HDBentry works :-)
Is it at all possible to have the hdb directly stored in the database be
different to that used as an internal data structure? I know it removes
some of the beauty of the system, but in Samba we have found it very,
very useful. In particular, I extended it to support attributes that
your kadmin protocol knows about, but your HDB doesn't :-)
Also, I would like to have a 'plaintext password' attribute passed
around, so that we can use it in a number of 'password synchronisation'
areas.
> Have you (as in the samba people) given any thought to how to implement AES
> keys in your LDAP schema ? I guess there might be more enctypes sometime in
> the future.
That's not an issue for Samba right now - the NTLM authentication scheme
is stuck at MD4 passwords, and is unlikely to move further than that.
That is what Kerberos is for ;-)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net