
Re: unified login (unix + windows)



Sebastian Andersson wrote:
> 
> On Tue, Jun 13, 2000 at 01:40:30PM -0500, Gerald Carter wrote:
> > is official, there you go.  Problem is that Samba will need
> > the LanMan/NT password hash regardless of the userPassword
> > representation you use for Unix clients.  I have no work
> > around for this at the moment.  Storing the plain text
> > would work, but then I'm not really fond of that. :-)
> 
> Why don't you want to store plain text passwords if you are willing
> to store the LanMan/NT hashes? They are equivalent from a security
> point, are they not?

You misunderstood.  I would never want to store 
plain text passwords, period.  And yes, LanMan/NT password 
hashes are plain text equivalents.  But no way around that.
The only reason I mentioned plain text is that it would be 
the only way to generate the incompatible hashes needed 
by all clients.  Just as an academic example.

> The commercial LDAP vendors have replication tools 
> between the PDC and the LDAP directory. Check for 
> example Netscape's Directory Server
> (whatever netscape is called now).

I was approaching strictly from an OpenSource point 
of view.  That was just my perspective.  Of course, 
not the only possibility.

> Some LDAP vendors have new DLLs to login via LDAP 
> instead of the PDC/BDC. I think slapd (www.slapd.com) 
> has that.

I think I mentioned this possibility (although I did not 
find one on slapd's site).





Cheers,
jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter@valinux.com
       http://www.samba.org       SAMBA Team           jerry@samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )