Does the Samba 4 LDAP server support GSS-SPNEGO over SASL

[Luke Howard]

>> Minor security note: You don't really need the plaintext, the Digest
>> HHA1 hash for the user in the realm is sufficient and is what many
>> implementations use to avoid storing the plaintext password on the
>> server.
>Hm, this sounds interesting. Which implementations use the sha1 hash,
>and how do you tell the client? At least cyrus-sasl needs plaintext on
>the server side AFAIK.

It's not a SHA-1 hash, rather it's H(A1) from RFC 2617.

-- Luke

--
www.padl.com | www.lukehoward.com