Does the Samba 4 LDAP server support GSS-SPNEGO over SASL
Luke Howard
lukeh at padl.com
Mon Dec 11 10:57:28 GMT 2006
>> Minor security note: You don't really need the plaintext, the Digest
>> HHA1 hash for the user in the realm is sufficient and is what many
>> implementations use to avoid storing the plaintext password on the
>> server.
>Hm, this sounds interesting. Which implementations use the sha1 hash,
>and how do you tell the client? At least cyrus-sasl needs plaintext on
>the server side AFAIK.
It's not a SHA-1 hash, rather it's H(A1) from RFC 2617.
-- Luke
--
www.padl.com | www.lukehoward.com