Password Synchronization

Luke Kenneth Casson Leighton lkcl at switchboard.net
Tue Dec 30 15:13:39 GMT 1997


On Tue, 30 Dec 1997, Leslie Mikesell wrote:

> > >i wasn't thinking of crack solutions, i was thinking of a way of merging
> > >unix and nt logins.  but then realised that that is simply not possible.
> > >except with PAMs.
> > >lukes
> > 
> > i wonder that nobody is talking about LDAP servers?! Unix vendors are close
> > to having "ldap" in nsswitch.conf (with "files" "nis" ..) and there is "ypldapd"
> > as another approach (almost ready ;)).
> > should be relatively easy to do something like that on NT domain controllers.
> > i'm not sure if there is something at the moment?
> 
> Yes, I think this would be ideal, but is there a standard yet to replicate
> LDAP database changes across distributed or backup servers?

microsoft apparently are working on a draft rfc to provide "replication"
in general.

>  That would
> be the main advantage of using LDAP compared to other databases.

definitely.  the wins server capabilities in samba would gain replication
automatically by storing its entries in an ldap database.

>  Also
> the development of the free umich server code (which had its own
> replication mode) seems to have stalled when the programmers were hired
> away by Netscape.

- the client code is not thread safe
- client code leaks memory in places
- replication is handled by one master daemon, and is therefore not
peer-to-peer.

>  Is the NT-encrypted password secure enough to return
> over the network connection or would the LDAP side have to be modified
> to do the comparison?

no, and not necessarily: if you used some two-way obfuscation (like
microsoft do with syskey.exe) then the ldap server would just be a
repository for data: it wouldn't have to know what the data was.

lukes
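The arrangement described in the last paragraph, as an added Go example that is not part of this post or of Samba: the directory stores only an opaque record of the password hash, wrapped under a system key it never sees (AES-GCM is swapped in here for the syskey-style two-way obfuscation mentioned), and the comparison happens on the server that holds the key. The function names, the key and the sample hash are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
)

// aead builds AES-GCM under the system key, which only the SMB server holds.
func aead(systemKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(systemKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap turns a password hash into an opaque, authenticated record; a fresh
// random nonce is prefixed so the directory holds nothing but this one blob.
func Wrap(systemKey, passwordHash []byte) ([]byte, error) {
	gcm, err := aead(systemKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, passwordHash, nil), nil
}

// Verify runs where the key lives, never in the directory; a tampered,
// truncated or foreign record fails GCM authentication and is a mismatch.
func Verify(systemKey, record, candidateHash []byte) bool {
	gcm, err := aead(systemKey)
	if err != nil || len(record) < gcm.NonceSize() {
		return false
	}
	n := gcm.NonceSize()
	stored, err := gcm.Open(nil, record[:n], record[n:], nil)
	if err != nil {
		return false
	}
	return hmac.Equal(stored, candidateHash) // constant-time comparison
}
```

Call Wrap once when the password is set and store the returned bytes in the directory; at logon, fetch the record and call Verify with the hash derived from the client's response. Whoever holds only the directory contents cannot run the comparison without the system key.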


