[Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.

[Stephen]

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.

Rowland

True! I agree with you Rowland that is a weakness. Unfortunately that is 
a universal weakness shared by all password-based authentication 
methods. I guess you would have to go with SSH-style encryption keys and 
certificates to circumvent that problem entirely which might bamboozle 
ordinary website users.

Dynamic bind does remove the need to create an extra special omnipotent 
account with a never-expiring password though. So on that basis I am 
saying it is more secure (but not absolutely secure since there are no 
absolutes in life heh ;) )

Cheers
Stephen Ellwood