[SAMBA4] Add 'allowed mechs' to the credentials system?

Andrew Bartlett abartlet at samba.org
Wed Sep 28 06:41:42 GMT 2005

Is the credentials system the right place to hook in an 'allowed
mechanisms' filter?

I'm looking into enabling kerberos testing on the build farm, and need a
way to put back something similar to the '-k' switch I removed.  

Likewise, I want to be able to control NTLMSSP and Kerberos selection
(along with potentially other mechanisms, such as those from SASL) from
the command line, so I can test with the various mechs in place. 

OpenLDAP uses the -Y option for this, in ldapsearch etc.

The reason I'm suggesting the credentials system (rather than globally)
is that this is tied to a particular set of username/password, and
therefore we can say 'machine accounts only use Kerberos' (valid until
JRA's recent work), while allowing different policies within the same

I am mindful of the fact that the credentials system is becoming a
kitchen sink, and I'll happily discuss better ways to partition this
info, but for now it seems the best option.

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050928/7ea6f63c/attachment.bin

More information about the samba-technical mailing list