svn commit: lorikeet r43 - in trunk/heimdal/lib: hdb kadm5

Andrew Bartlett abartlet at
Sun Sep 5 23:51:48 GMT 2004

On Mon, 2004-09-06 at 07:04, Love wrote:
> abartlet at writes:
> > Author: abartlet
> > Date: 2004-09-05 13:09:03 +0000 (Sun, 05 Sep 2004)
> > New Revision: 43
> >
> > WebSVN:
> >
> > Log:
> > We now have unicodePwd working for the lorikeet-heimdal intergration.
> >
> > This makes it much easier to setup, as we don't need to worry about
> > the NT hash, we can just ldbedit and put in an ascii password...
> >
> > (now to see what lha thinks of my chainsaw effort ;-)
> most *-{protos,private}.h are also generated (as you might have noticed).

'most' :-).  Now I have to look at each one and see if I can delete it

> I need to sleep on moving key_set mumble from kadm5 to hdb.

Sweet dreams :-)

Because of the need to preserve the unicodePwd as cleartext, we are also
going to need to pass the cleartext password down to HDB, and then some
of these functions will then become private to hdb (I think).

BTW, I'm interested as to why we don't set all the keytypes we have
available by default?

> I think you want to cache the result of string2key, for AES it might be
> expensive, esp when tunning the PKCS5-PBKDF2 string2key iterator to
> something more the 4K.

Well, I'll add a comment to that effect - we can't cache it now, even if
we wanted to, because hdb-ldb is currently read only (and I would not
want the complexity in the prototype stage) but before we try and ship
it, it will be worth looking into.


Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list