[Samba] SASL DIGEST-MD5 NT_STATUS_INVALID_PARAMETER

Andrew Bartlett abartlet at samba.org
Fri Jul 10 20:29:52 UTC 2015


On Fri, 2015-07-10 at 11:45 -0500, Arthur Ramsey wrote:
> That's too bad, I was trying to get the Vasco Identikey server working 
> with samba4 as a backend for FIPS 140-2 compliant OTP, which will only 
> bind with DIGEST-MD5.  I guess I will have to join a Windows 2008 R2 to 
> the domain as a domain controller.

Very interesting.  This is the first use of DIGEST-MD5 that I've come
across for AD.  

It would be great if it could be patched back in, but it would need
tests this time, and to actually work.  We may have to implement the
server-side in Samba, if we can't push the pre-digested hash values into
Cyrus SASL (or don't want to use it).

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





More information about the samba mailing list