Intergrate Heimdal's hdb-ldap and Samba
Love
lha at stacken.kth.se
Sat Mar 6 23:48:43 GMT 2004
Andrew Bartlett <abartlet at samba.org> writes:
>> Shouldn't type-23 keys be stored in both entries ?
>
> Perhaps they should. I'm a bit worried about storing duplicate data -
> what do we do when they don't match. Now, that is pretty lame, as if
> the two representations of the type-32 key don't match, then the DES
> keys would also be in conflict with the NT password....
Well, at least by storing the data its possible to detect mismatch. Is
there a password changing protocol in SMB/cifs so that data can get out of
sync ?
>> The db really need to store all the data, so using something like
>> HDBEntry2OldHDBEntry wouldn't work.
>
> OK.
So, I integrated did a patch and almost that does this in a forward
compatible maner by using ANY. It break forward compat, but should be ok in
the future.
http://people.su.se/~lha/patches/heimdal/ldap-samba
But I've not tested the patch yet more then compiling it.
You changed the structural object class from person to account, is this
wise ?
Dunno how to express the data for ldap. Example of data that I want to
store in the extention structure is pkinit acl's, certificates, old keys
(krbtgt's). I guess part of that is expresable in ldap (pkinit acl's at
least, because that is what MS does).
Love
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20040307/716037ad/attachment.bin
More information about the samba-technical
mailing list