[ldapext] Samba and the password policy draft
abartlet at samba.org
Tue Mar 9 04:00:35 GMT 2004
On Tue, 2004-03-09 at 13:51, Luke Howard wrote:
> >I'm wondering if there's something preventing the use of an NT/LM SASL
> >mechanism to perform an LDAP SASL bind. Novell is beginning to look at
> >doing just that and will contribute to the code if it's seen as
> >beneficial. If this were available, the password policy could still be
> >enforced by the LDAP server
> For the record, this exists and is supported by Active Directory -- it
> is the NTLM SASL mechanism. But, as Andrew pointed out, it buys you
> nothing with pass-through authentication.
> >Then for password modifications, there is RFC 3602. Do you think this
> >is sufficient to update these kinds of passwords?
> In some cases you only have the user's keys, not their password. Perhaps
> a control could be defined that extended RFC 3062 to support setting
Indeed, that would be useful. Could direct setting of those attributes
be considered to be that operation? That is already proposed as an
allowed way to change userPassword, I think.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net