[PATCH] security hole in Samba 3.0 start tls handling
Andrew Bartlett
abartlet at samba.org
Fri Nov 1 21:48:01 GMT 2002
"Gerald (Jerry) Carter" wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 30 Oct 2002, Andrew Bartlett wrote:
>
> > > No, no more than you can indicate SASL preferences in a URL. You
> > > *could* embed this information in a URI string, but there would be
> > > nothing particularly standard about this, and the LDAP libraries are
> > > unlikely to understand them -- so Samba will still have to parse these
> > > components out of the URL and handle them directly.
> >
> > That's fine then - but you can put quite a bit in that URL. (Like bind
> > dn, search suffix and quite a few other things).
>
> No. Having a non-standard LDAP URI would be a bad thing. Too confusing
> to administer. Please do not do this. Find another way to
> specifiy start tls that extending the LDAP URI format (unless you want to
> get it through the LDAPbis WG).
Actually, that was my point.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list