On Wed, 2005-05-18 at 22:38 -0400, James F. Hranicky wrote:
> On Thu, 19 May 2005 11:16:49 +1000
> Andrew Bartlett <abartlet@samba.org> wrote:
>
> > > - removes the need for the smbk5pwd overlay for Heimdal/Samba
> > > syncing
> >
> > I still think this is the best way forward, but I know it isn't easy
> > changing details on the LDAP server side of things (which is why I have
> > not been able to run that overlay).
>
> Sorry, I'm not sure I get your meaning -- you like the idea of using
> the overlay? Could you elaborate on why?

Yes, I think the overlay is a good idea, because it is better to have all the different enc types set, if possible. Even if you don't like the old DES types (and while we may not like them, many systems don't know better), this would allow support of the new AES types.

> > > - prevents the unnecessary addition of the krb5EncryptionType
> > > attribute
> > >
> > > This probably isn't the best way to handle this as there's no configuration
> > > option, so I'd appreciate any comments on this issue.
> >
> > I think the last point is the key issue here. A patch that I think
> > would make more sense is one that uses the presence of an existing
> > krb5key attribute to determine if it should be updated.

Naturally, this would also require the presence of a sambaSamAccount on the entry, otherwise you could never set a key on an entry without anything.

> I could probably code it up if there's interest in getting it into
> the distribution.

I would certainly appreciate it.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net