Arthur Ramsey arthur_ramsey at mediture.com
Fri Jul 10 20:42:02 UTC 2015

Yeah, I'm trying to setup the Indentikey server on Windows instead so it 
uses the Windows API instead of LDAP rather than setup a Windows 2008 R2 
domain controller for LDAP w/ SASL DIGEST-MD5 authentication.  It seems 
silly for them to use DIGEST-MD5, but that's what I stuck with for now.  
If samba4 could support DIGEST-MD5 that would be great.


On 07/10/2015 03:29 PM, Andrew Bartlett wrote:
> On Fri, 2015-07-10 at 11:45 -0500, Arthur Ramsey wrote:
>> That's too bad, I was trying to get the Vasco Identikey server working
>> with samba4 as a backend for FIPS 140-2 compliant OTP, which will only
>> bind with DIGEST-MD5.  I guess I will have to join a Windows 2008 R2 to
>> the domain as a domain controller.
> Very interesting.  This is the first use of DIGEST-MD5 that I've come
> across for AD.
> It would be great if it could be patched back in, but it would need
> tests this time, and to actually work.  We may have to implement the
> server-side in Samba, if we can't push the pre-digested hash values into
> Cyrus SASL (or don't want to use it).
> Andrew Bartlett

Arthur Ramsey
Systems Administrator
arthur_ramsey at mediture.com

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

More information about the samba mailing list