On Sun, 2004-02-29 at 15:44, Love wrote: > Andrew Bartlett <abartlet@samba.org> writes: > > > I realise it is not indented per the rest of heimdal (that was not a big > > concern when creating it :-), but I'll happly re-indent if you can give > > me your preferred indent command line. > > > > Is this something that is of interest to Heimdal? > > Yes, they are. The only thing I find a problem right now is that you change > HDBEntry and that can't really be done in a backward compatiable manner (ie > running diffrent major version of the kdc in the same realm). The idea we > have is that we should have a CHOICE (or something to that effekt). Oops - I'll need to learn a bit more about how HDBentry works :-) Is is at all possible to have the hdb directly stored in the database be different to that used as an internal data strucutre? I know it removes some of the beauty of the system, but in Samba we have found it very, very useful. In particular, I extended it to support attributes that your kadmin protocol knows about, but your HDB doesn't :-) Also, I would like to have a 'plaintext password' attribute passed around, so that we can use it in a number of 'password syncronisation' areas. > Have you (as in the samba people) given any thought to how to implement AES > keys in you LDAP schema ? I guess there might be more enctypes sometime in > the future. That's not an issue for Samba right now - the NTLM authentication scheme is stuck at MD4 passwords, and is unlikaly to move further than that. That is what Kerberos is for ;-) Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
This is a digitally signed message part