Fugen Systems & Services | 1 Mar 2004 05:40

(no subject)


Andrew Bartlett | 1 Mar 2004 07:16

Re: Integrate Heimdal's hdb-ldap and Samba

On Sun, 2004-02-29 at 23:57, Love wrote:
> Andrew Bartlett <abartlet <at> samba.org> writes:
> 
> > Oops - I'll need to learn a bit more about how HDBentry works :-)
> 
> It's more asn1/der. Heimdal's asn1_compile has implicit continuations (...)
> so parsing data is just fine, however it won't be preserved, nor will the
> kdc properly reject data when it doesn't understand a critical extension.

Would you consider merging my patch if I removed the extra attributes
(which I don't use yet)?

I was considering that the HDBentry in the Heimdal database would simply
not change, but that when using LDAP we would present a 'richer'
interface.   Otherwise, your proposal certainly makes sense.

> > Also, I would like to have a 'plaintext password' attribute passed
> > around, so that we can use it in a number of 'password synchronisation'
> > areas.
> 
> That would be possible to solve in the above scheme.
> 
> And indeed, we have talked about doing just that so enctypes can be added
> to users and not requiring them to change their password.

I assume this will be 'off by default' before the security nuts jump all
over you :-)

> > That's not an issue for Samba right now - the NTLM authentication scheme
> > is stuck at MD4 passwords, and is unlikely to move further than that.


Samba + PDC + PAM

Hi all

Probably authorization through PAM without search of users in local SAM database ???

Sergey Abaturov

roshan g shah | 1 Mar 2004 10:22

how to convert our program to daemon and run it?

I know the basic things required to convert our program to a daemon program, but how do I register it and make it
run as soon as the system starts, just like other daemons? What files do I have to modify, or is it only the
administrator's job?

Love | 1 Mar 2004 12:21

Re: Integrate Heimdal's hdb-ldap and Samba


Andrew Bartlett <abartlet <at> samba.org> writes:

> On Sun, 2004-02-29 at 23:57, Love wrote:
>> Andrew Bartlett <abartlet <at> samba.org> writes:
>> 
>> > Oops - I'll need to learn a bit more about how HDBentry works :-)
>> 
>> It's more asn1/der. Heimdal's asn1_compile has implicit continuations (...)
>> so parsing data is just fine, however it won't be preserved, nor will the
>> kdc properly reject data when it doesn't understand a critical extension.
>
> Would you consider merging my patch if I removed the extra attributes
> (which I don't use yet)?

I am considering including your patch in heimdal, doing some merge of your
patch and the proposal I have. We have to break forward compatibility at
some time (with something like hdb-extensions). There are changes that are
already not put into the tree because of this issue (per principal
configurable iteration counter for AES s2k, pkinit acl's, etc).

Reading the ldap patch I think you break backward compatibility with the
old code, like you changed how the Key was stored, to hex encoded data from
raw octets.

> I was considering that the HDBentry in the Heimdal database would simply
> not change, but that when using LDAP we would present a 'richer'
> interface.   Otherwise, your proposal certainly makes sense.

Ah, so you want a different interface between libhdb and libkadm5?

Andrew Bartlett | 1 Mar 2004 12:25

Re: Samba + PDC + PAM

On Mon, 2004-03-01 at 18:14, "as as" wrote:
> Hi all
> 
> Probably authorization through PAM without search of users 
> in local SAM database ???
> 
> Sergey Abaturov

PDC operation is incompatible with PAM plaintext passwords.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet <at> pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet <at> samba.org
Student Network Administrator, Hawker College   abartlet <at> hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

Andrew Bartlett | 1 Mar 2004 12:33

Re: Integrate Heimdal's hdb-ldap and Samba

On Mon, 2004-03-01 at 22:21, Love wrote:
> Andrew Bartlett <abartlet <at> samba.org> writes:
> 
> > On Sun, 2004-02-29 at 23:57, Love wrote:
> >> Andrew Bartlett <abartlet <at> samba.org> writes:
> >> 
> >> > Oops - I'll need to learn a bit more about how HDBentry works :-)
> >> 
> >> It's more asn1/der. Heimdal's asn1_compile has implicit continuations (...)
> >> so parsing data is just fine, however it won't be preserved, nor will the
> >> kdc properly reject data when it doesn't understand a critical extension.
> >
> > Would you consider merging my patch if I removed the extra attributes
> > (which I don't use yet)?
> 
> I am considering including your patch in heimdal, doing some merge of your
> patch and the proposal I have. We have to break forward compatibility at
> some time (with something like hdb-extensions). There are changes that are
> already not put into the tree because of this issue (per principal
> configurable iteration counter for AES s2k, pkinit acl's, etc).
> 
> Reading the ldap patch I think you break backward compatibility with the
> old code, like you changed how the Key was stored, to hex encoded data from
> raw octets.

sambaNTpassword is hex encoded, but the krb5Key should still be raw
octets.  It should be raw octets inside HDBEntry.  Can you point out
exactly what you mean here?

The only backward compatibility issue is that older Heimdal

LNGW1/Mail/ABS | 1 Mar 2004 13:13

Report to Sender


Incident Information:-

Database:   e:/lotus/domino/data/mail1.box
Originator: samba-technical <at> lists.samba.org
Recipients: csc <at> eagle.org
Subject:    Accounts department
Date/Time:  03/01/2004 06:13:42 AM

The file attachment eadaebddc.zip you sent to the recipients listed above
was infected with the W32/Bagle.e!zip virus and was successfully cleaned.

Dmitry Melekhov | 1 Mar 2004 13:40

[PATCH] Terminal Profile Path settings

>
>
>just recently a nice contributor helped us to introduce some support for
>the terminal server settings.
>They are just a blob of options filled into the former munged dial
>parameter.
>We emulated the same thing in our SAM so you will find out these
>informations are a blob of data base64 encoded in the munged dial
>parameter in the SAM (ldapsam, tdbsam) once you set them with a terminal
>server aware usrmgr.exe from a windows workstation.
>  
>

I just tried to change profile parameters on samba 3.0.2a with tdbsam 
using usrmgr.
Unfortunately, this doesn't work for me.
Is this feature in 3.0.2a?

Dmitry Melekhov | 1 Mar 2004 13:56

Re: [PATCH] Terminal Profile Path settings

Dmitry Melekhov wrote:

>
>
> I just tried to change profile parameters on samba 3.0.2a with tdbsam 
> using usrmgr.
> Unfortunately, this doesn't work for me.
> Is this feature in 3.0.2a?

As usual ... :-(

All is OK, this is my fault.

Sorry!

