[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Getting OpenLDAP to auth users against sambaNTPassword

On Thu, 2003-06-19 at 19:45, Volker Lendecke wrote:
> On Thu, Jun 19, 2003 at 07:00:45PM +1000, Andrew Bartlett wrote:
> >  - We can't do an LDAP bind the authenticate the user, even to an
> > NTLMSSP aware server.
> Just curious: Wouldn't it be possible to implement the protocol ideas we use
> against a NT DC in LDAP extensions? Or simply use SSL and send our chosen
> challenge to the LDAP server along with the bind request?

We could write an auth plugin to do it, certainly.  We still need part
of the LM hash for some of the password change stuff, but that was one
of the ideas behind the auth subsystem.

To act as a DC however, we need to be able to specify the challenge and
response, as you note.  I'm not sure it gains us anything, but we
certainly could do it.

Andrew Bartlett

Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

Attachment: signature.asc
Description: This is a digitally signed message part