--=-Qa9s282ZNKloqhE3QHt5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Tue, 2009-05-26 at 15:40 +0200, Michael Str=C3=B6der wrote:
abartlet@samba.org wrote:
Samba4 always uses SASL credentials these days (trying to avoid simple binds).
=20 libsasldb2.so is not required for a SASL bind with password-based mechanism. You can store the passwords in attribute userPassword (in clear-text). So the security consideration is more about password storage than SASL vs. simple bind on the wire.
Which we already use. Regardless, Howard's great detective work shows it still gets in the way.=20
Perhaps it's time to investigate EXTERNAL
=20 That would be good anyway since in Samba4 the result of standard provision is LDAPI access anyway. So you could directly map the Unix user smbd is running as (root?) with authz-regexp to directory user samba-admin. Well, we already discussed that.. ;-)
We did. =20
Andrew Bartlett
--=20 Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
--=-Qa9s282ZNKloqhE3QHt5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
--=-Qa9s282ZNKloqhE3QHt5--