Content-Type: text/plain; charset="UTF-8"
On Tue, 2009-05-26 at 15:40 +0200, Michael Str=C3=B6der wrote:
> Samba4 always uses SASL credentials these days (trying to avoid simple
libsasldb2.so is not required for a SASL bind with password-based
mechanism. You can store the passwords in attribute userPassword (in
clear-text). So the security consideration is more about password
storage than SASL vs. simple bind on the wire.
Which we already use. Regardless, Howard's great detective work shows
it still gets in the way.=20
> Perhaps it's time to investigate EXTERNAL
That would be good anyway since in Samba4 the result of standard
provision is LDAPI access anyway. So you could directly map the Unix
user smbd is running as (root?) with authz-regexp to directory user
samba-admin. Well, we already discussed that.. ;-)
We did. =20
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----