trying to correctly handle account passwords via ldap

Jeremy Allison jra at
Tue Mar 28 02:45:11 GMT 2006

On Tue, Mar 28, 2006 at 12:42:40PM +1000, Andrew Bartlett wrote:
> On Tue, 2006-03-28 at 11:46 +1000, Luke Howard wrote:
> > >You mean they are stored with the old format but wrapped into something
> > >else when queried through DRS ?
> > 
> > DRS uses application-level encryption of secret attributes in addition to
> > the session encryption provided by the GSS-API. Nonetheless this encryption
> > is session-specific and is in addition to the OWF obfuscation.
> And remains on my list of crypto challenges to tackle. :-)

I think Luke was giving you a hint by the url he posted :-).


More information about the samba-technical mailing list