An alternative plan for principal mapping
srahul at novell.com
Thu Aug 3 04:09:22 EDT 2006
As I said, these are two extensions for enforcing login policy ... not
for reading user password from the directory.
Andrew Bartlett wrote:
> On Tue, 2006-08-01 at 10:45 +0530, S Rahul wrote:
>> We expect the directory to provide some LDAP extension / control to
>> enforce the login policy. In Novell eDirectory, we have two such
>> extensions - one to find out whether the user is allowed to login and
>> the other to update the directory with the result of the login attempt.
>> We expect other directories to use similar extensions / controls for
>> enforcing the policies.
> Are these 'extensions' the ones Novell asked us to use in Samba: read
> the cleartext password, then attempt a bind with it, or has this been
> Andrew Bartlett
More information about the krbdev