[ldapext] Samba and the password policy draft

Luke Howard lukeh at PADL.COM
Tue Mar 9 06:11:46 GMT 2004

>> In some cases you only have the user's keys, not their password. Perhaps
>> a control could be defined that extended RFC 3062 to support setting
>> keys.
>Indeed, that would be useful.  Could direct setting of those attributes
>be considered to be that operation?

True. A set keys operation, though, would at least abstract the client
from caring about how the keys are represented in the directory, and
allow the server to enforce constraints that may not be appropriate in
the case of a normal directory update.

draft-ietf-krb-wg-kerberos-set-passwd-01.txt might be a good place to
start -- there was some talk at the Vienna IETF about extending this
to LDAP.

-- Luke

More information about the samba-technical mailing list