An alternative plan for principal mapping
S Rahul
srahul at novell.com
Thu Aug 3 04:09:22 EDT 2006
As I said, these are two extensions for enforcing login policy ... not
for reading user password from the directory.
-Rahul S.
Andrew Bartlett wrote:
> On Tue, 2006-08-01 at 10:45 +0530, S Rahul wrote:
>> Hi,
>> We expect the directory to provide some LDAP extension / control to
>> enforce the login policy. In Novell eDirectory, we have two such
>> extensions - one to find out whether the user is allowed to login and
>> the other to update the directory with the result of the login attempt.
>> We expect other directories to use similar extensions / controls for
>> enforcing the policies.
>
> Are these 'extensions' the ones Novell asked us to use in Samba: read
> the cleartext password, then attempt a bind with it, or has this been
> improved?
>
> Andrew Bartlett
>
More information about the krbdev
mailing list