[ldapext] Samba and the password policy draft
Luke Howard
lukeh at PADL.COM
Tue Mar 9 02:51:45 GMT 2004
>I'm wondering if there's something preventing the use of an NT/LM SASL
>mechanism to perform an LDAP SASL bind. Novell is beginning to look at
>doing just that and will contribute to the code if it's seen as
>beneficial. If this were available, the password policy could still be
>enforced by the LDAP server
For the record, this exists and is supported by Active Directory -- it
is the NTLM SASL mechanism. But, as Andrew pointed out, it buys you
nothing with pass-through authentication.
>Then for password modifications, there is RFC 3602. Do you think this
>is sufficient to update these kinds of passwords?
In some cases you only have the user's keys, not their password. Perhaps
a control could be defined that extended RFC 3062 to support setting
keys.
-- Luke
More information about the samba-technical
mailing list