Password Synchronization

Luke Kenneth Casson Leighton lkcl at
Tue Dec 30 15:13:39 GMT 1997

On Tue, 30 Dec 1997, Leslie Mikesell wrote:

> > >i wasn't thinking of crack solutions, i was thinking of a way of merging
> > >unix and nt logins.  but then realised that that is simply not possible.
> > >except with PAMs.
> > >lukes
> > 
> > i wonder that nobody is talking about LDAP servers?! Unix vendors are close
> > to have
> > "ldap" in nsswitch.conf (with "files" "nis" ..) and there is "ypldapd" as
> > another approach
> > (almost ready ;))
> > should be relatively easy to do something like that on NT domain controlers.
> > i'm not
> > sure if there is something at the moment?
> Yes, I think this would be ideal, but is there a standard yet to replicate
> LDAP database changes across distributed or backup servers?

microsoft apparently are working on a draft rfc to provide "replication"
in general.

>  That would
> be the main advantage of using LDAP compared to other databases.

definitely.  the wins server capabilities in samba would gain replication
automatically by storing its entries in an ldap database.

>  Also
> the development of the free umich server code (which had its own
> replication mode) seems to have stalled when the programmers were hired
> away by Netscape.

- the client code is not thread safe
- client code leaks memory in places
- replication is handled by one master daemon, and is therefore not

>  Is the NT-encrypted password secure enough to return
> over the network connection or would the LDAP side have to be modified
> to do the comparison?

no, and not necessarily: if you used some two-way obfuscation (like
microsoft do with syskey.exe) then the ldap server would just be a
repository for data: it wouldn't have to know what the data was.


More information about the samba mailing list