[ldapext] Samba and the password policy draft
Andrew Bartlett
abartlet at samba.org
Tue Mar 9 04:00:35 GMT 2004
On Tue, 2004-03-09 at 13:51, Luke Howard wrote:
> >I'm wondering if there's something preventing the use of an NT/LM SASL
> >mechanism to perform an LDAP SASL bind. Novell is beginning to look at
> >doing just that and will contribute to the code if it's seen as
> >beneficial. If this were available, the password policy could still be
> >enforced by the LDAP server
>
> For the record, this exists and is supported by Active Directory -- it
> is the NTLM SASL mechanism. But, as Andrew pointed out, it buys you
> nothing with pass-through authentication.
>
> >Then for password modifications, there is RFC 3602. Do you think this
> >is sufficient to update these kinds of passwords?
>
> In some cases you only have the user's keys, not their password. Perhaps
> a control could be defined that extended RFC 3062 to support setting
> keys.

Indeed, that would be useful. Could direct setting of those attributes
be considered to be that operation? That is already proposed as an
allowed way to change userPassword, I think.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net