[ldapext] Samba and the password policy draft

Luke Howard lukeh at PADL.COM
Tue Mar 9 02:51:45 GMT 2004

>I'm wondering if there's something preventing the use of an NT/LM SASL
>mechanism to perform an LDAP SASL bind. Novell is beginning to look at
>doing just that and will contribute to the code if it's seen as
>beneficial. If this were available, the password policy could still be
>enforced by the LDAP server

For the record, this exists and is supported by Active Directory -- it
is the NTLM SASL mechanism. But, as Andrew pointed out, it buys you
nothing with pass-through authentication.
>Then for password modifications, there is RFC 3602. Do you think this
>is sufficient to update these kinds of passwords? 

In some cases you only have the user's keys, not their password. Perhaps
a control could be defined that extended RFC 3062 to support setting

-- Luke

More information about the samba-technical mailing list