[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Intergrate Heimdal's hdb-ldap and Samba

Andrew Bartlett <abartlet@samba.org> writes:

>> Shouldn't type-23 keys be stored in both entries ?
> Perhaps they should.  I'm a bit worried about storing duplicate data -
> what do we do when they don't match.  Now, that is pretty lame, as if
> the two representations of the type-32 key don't match, then the DES
> keys would also be in conflict with the NT password....

Well, at least by storing the data its possible to detect mismatch. Is
there a password changing protocol in SMB/cifs so that data can get out of
sync ?

>> The db really need to store all the data, so using something like
>> HDBEntry2OldHDBEntry wouldn't work.
> OK.

So, I integrated did a patch and almost that does this in a forward
compatible maner by using ANY. It break forward compat, but should be ok in
the future.


But I've not tested the patch yet more then compiling it. 

You changed the structural object class from person to account, is this
wise ?

Dunno how to express the data for ldap. Example of data that I want to
store in the extention structure is pkinit acl's, certificates, old keys
(krbtgt's). I guess part of that is expresable in ldap (pkinit acl's at
least, because that is what MS does).


PGP signature