Integrate Heimdal's hdb-ldap and Samba

Love lha at stacken.kth.se
Sat Mar 6 23:48:43 GMT 2004


Andrew Bartlett <abartlet at samba.org> writes:

>> Shouldn't type-23 keys be stored in both entries ?
>
> Perhaps they should.  I'm a bit worried about storing duplicate data -
> what do we do when they don't match.  Now, that is pretty lame, as if
> the two representations of the type-32 key don't match, then the DES
> keys would also be in conflict with the NT password....

Well, at least by storing the data it's possible to detect mismatch. Is
there a password changing protocol in SMB/cifs so that data can get out of
sync?

>> The db really needs to store all the data, so using something like
>> HDBEntry2OldHDBEntry wouldn't work.
>
> OK.

So, I integrated did a patch and almost that does this in a forward
compatible manner by using ANY. It breaks forward compat, but should be ok in
the future.

http://people.su.se/~lha/patches/heimdal/ldap-samba

But I've not tested the patch yet more than compiling it.

You changed the structural object class from person to account, is this
wise?

Dunno how to express the data for ldap. Example of data that I want to
store in the extension structure is pkinit acl's, certificates, old keys
(krbtgt's). I guess part of that is expressible in ldap (pkinit acl's at
least, because that is what MS does).

Love
