[Samba] Samba - LDAP - Kerberos

Andrew Bartlett abartlet at samba.org
Thu Apr 5 22:25:00 GMT 2007

On Thu, 2007-04-05 at 14:35 +0200, Jörg Herzinger wrote:
> > Like Kerberos, Samba needs the password-equivilant values, or some other
> > process that will perform the same calculations on them (like a DC for a
> > member server).  There isn't any way around that.  Interestingly Heimdal
> > 0.8 includes code to do this in the KDC (we don't have a client for this
> > yet, but it is a very interesting move).  
> > Andrew Bartlett
> Ok, I see the problem now. Since i am in a small network sending unencrypted 
> passwords would'nt be a problem and when samba has the cleartext password
> authenticating via PAM or anything else should'nt be a problem, right?

You can't do domain logons with plaintext passwords, and it is far less
stable, even for normal operations (with windows clients, after apply
the registry patch).  Just don't do it.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070406/abbcd60c/attachment.bin

More information about the samba mailing list