[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Intergrate Heimdal's hdb-ldap and Samba

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: Intergrate Heimdal's hdb-ldap and Samba
From: Love <lha@stacken.kth.se>
Date: Sun, 07 Mar 2004 17:33:59 +0100
Cc: heimdal-discuss@sics.se, Multiple recipients of list SAMBA-TECHNICAL <samba-technical@samba.org>
In-Reply-To: <1078619050.1722.21.camel@piglett.bartlett.house> (AndrewBartlett's message of "Sun, 07 Mar 2004 11:24:11 +1100")
References: <1077962186.1892.8354.camel@piglett.bartlett.house><am8yimmr40.fsf@nutcracker.stacken.kth.se><1078031265.1892.13408.camel@piglett.bartlett.house><amk726m4a2.fsf@nutcracker.stacken.kth.se><1078121794.1599.208.camel@piglett.bartlett.house><am3c8s6ce3.fsf@nutcracker.stacken.kth.se><1078140789.1599.247.camel@piglett.bartlett.house><amad304te7.fsf@nutcracker.stacken.kth.se><1078310407.31811.7.camel@piglett.bartlett.house><amy8qdr0ys.fsf@nutcracker.stacken.kth.se><1078619050.1722.21.camel@piglett.bartlett.house>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)

Andrew Bartlett <abartlet@samba.org> writes:

> There certainly is a password change protocol :-)
>
> I would not object to storing both, and asserting that they are the same
> in Heimdal.  Samba can't assert that they are the same, but the only
> heimdal code that is going to be used will update the Samba passwords
> anyway, so it is a non-issue.

I don't think I care that much, and just leave it as it is.

>> You changed the structural object class from person to account, is this
>> wise ?
>
> I certainly think it is.  Person requires the account to be a real
> human, and I would claim that machines are not.  Furthermore, it matches
> what Samba does.

But its not what the old code does, and I guess it might break for old
installations.

If I did some more guessing, its because microsoft uses person the old ldap
code uses person.

It should be simple enough to just have a runtime option.

>> Dunno how to express the data for ldap. Example of data that I want to
>> store in the extention structure is pkinit acl's, certificates, old keys
>> (krbtgt's). I guess part of that is expresable in ldap (pkinit acl's at
>> least, because that is what MS does).
>
> People have generally found that almost anything can be shoved into
> LDAP, given suffienct force ;-)

The idea was not to use way too much force.

> For x.509 certificates, there is a objectClass
> (strongAuthenticationUser) and an attribute (userCertificate) for it
> already.

I was thinking more something like microsoft's
altSecurity(Identity|Principal) (?).

Love

PGP signature

Follow-Ups:
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Andrew Bartlett <abartlet@samba.org>

References:
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Love <lha@stacken.kth.se>
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Love <lha@stacken.kth.se>
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Love <lha@stacken.kth.se>
- Re: Intergrate Heimdal's hdb-ldap and Samba
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: Intergrate Heimdal's hdb-ldap and Samba
Next by Date: Re: rxtelnet when kx fails (but we have still telnet)
Prev by thread: Re: Intergrate Heimdal's hdb-ldap and Samba
Next by thread: Re: Intergrate Heimdal's hdb-ldap and Samba
Index(es):
- Date
- Thread