On Thu, 2003-06-19 at 19:45, Volker Lendecke wrote: > On Thu, Jun 19, 2003 at 07:00:45PM +1000, Andrew Bartlett wrote: > > - We can't do an LDAP bind the authenticate the user, even to an > > NTLMSSP aware server. > > Just curious: Wouldn't it be possible to implement the protocol ideas we use > against a NT DC in LDAP extensions? Or simply use SSL and send our chosen > challenge to the LDAP server along with the bind request? We could write an auth plugin to do it, certainly. We still need part of the LM hash for some of the password change stuff, but that was one of the ideas behind the auth subsystem. To act as a DC however, we need to be able to specify the challenge and response, as you note. I'm not sure it gains us anything, but we certainly could do it. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
Attachment:
signature.asc
Description: This is a digitally signed message part