password API needed
Jean-Francois Micouleau
Jean-Francois.Micouleau at utc.fr
Tue May 12 21:07:29 GMT 1998
On Tue, 12 May 1998, Luke Kenneth Casson Leighton wrote:
> > You have to make the distinction between users and trusts accounts.
>
> why? not in my book you don't, and not in an NT SAM you don't. trust
> accounts _are_ SAM users, but just with a different ACB_xxxx value.
your book ? You found good books on microsoft #]}]&~i" protocols ?
I mean with trust accounts you don't care about unix password
synchronization. Those have to be totally hidden from the user/admin side.
> > I don't like it, I prefer to follow RFC2037.
> wossat, then? what's that say (in a nutshell)
I said I prefer to store the password as proposed in RFC 2037, cause NT5
schema is not stable right now. We can take a look at NT5 schema (to know
how it looks like) but I'm sure it's not the definitive one that will be
in the shipping version of NT5.
> then we will have to invent / use what microsoft does, which is to
> obfuscate with a long-term session key.
It's in the case where you want to store clear text password. If you want
to obfuscate, you need to patch slapd, humm.
I should look on critical angle repository web server, there was something
there.
Is there any ldap guru on this list ?
Jean Francois
-----------------------------------------------------------
Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
try to install Windows NT !"
-----------------------------------------------------------
More information about the samba-technical
mailing list