[Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
stephen at ogdenradar.com
Wed Apr 10 15:25:47 UTC 2019
To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.
True! I agree with you Rowland that is a weakness. Unfortunately that is
a universal weakness shared by all password-based authentication
methods. I guess you would have to go with SSH-style encryption keys and
certificates to circumvent that problem entirely which might bamboozle
ordinary website users.
Dynamic bind does remove the need to create an extra special omnipotent
account with a never-expiring password though. So on that basis I am
saying it is more secure (but not absolutely secure since there are no
absolutes in life heh ;) )
More information about the samba