Does the Samba 4 LDAP server support GSS-SPNEGO over SASL
paul
paul at subsignal.org
Mon Dec 11 10:14:34 GMT 2006
Henrik Nordstrom schrieb:
> lör 2006-12-09 klockan 13:53 +1100 skrev Andrew Bartlett:
>
>> We don't support the DIGEST-MD5 server side quite yet, I need to hook
>> that in (query for the plaintext password in a sasl callback).
>
> Minor security note: You don't really need the plaintext, the Digest
> HHA1 hash for the user in the realm is sufficient and is what many
> implementations use to avoid storing the plaintext password on the
> server.
Hm, this sounds interesting. Which implementations use the sha1 hash,
and how do you tell the client? At least cyrus-sasl needs plaintext on
the server side AFAIK.
cheers
Paul
More information about the samba-technical
mailing list