[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: unified login (unix + windows)
Sebastian Andersson wrote:
>
> On Tue, Jun 13, 2000 at 01:40:30PM -0500, Gerald Carter wrote:
> > is official, there you go. Problem is that Samba will need
> > the LanMan/NT password hash regardless of the userPassword
> > representation you use for Unix clients. I have no work
> > around for this at the moment. Storing the plain text
> > would work, but then I'm not really fond of that. :-)
>
> Why don't you want to store plain text passwords if you are willing
> to store the LanMan/NT hashes? They are equivalent from a security
> point, are they not?
You misunderstood. I would never want to store
plain text passwords period. And yes LanMan/NT password
hashes are plain text equivalents. But no way around that.
The only reason I mentioned plain text is that it would be
the only way to generate the incompatible hashes needed
by all clients. Just as an academic example.
> The commercial LDAP vendors have replication tools
> between the PDC and the LDAP directory. Check for
> example Netscapes Directory Server
> (whatever netscape is called now).
I was approaching strictly from an OpenSource point
of view. That's was just my perspective. Of course,
not the only possibility.
> Some LDAP vendors have new DLLs to login via LDAP
> instead of the PDC/BDC. I think slapd (www.slapd.com)
> has that.
I think I mentioned this possibility (althought I did not
find one on slapd's site).
Cheers,
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter@valinux.com
http://www.samba.org SAMBA Team jerry@samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )