An alternative plan for principal mapping

S Rahul srahul at
Thu Aug 3 04:09:22 EDT 2006

As I said, these are two extensions for enforcing login policy ... not
for reading user password from the directory.

-Rahul S.

Andrew Bartlett wrote:
> On Tue, 2006-08-01 at 10:45 +0530, S Rahul wrote:
>> Hi,
>>     We expect the directory to provide some LDAP extension / control to
>> enforce the login policy. In Novell eDirectory, we have two such
>> extensions - one to find out whether the user is allowed to login and
>> the other to update the directory with the result of the login attempt.
>> We expect other directories to use similar extensions / controls for
>> enforcing the policies.
> Are these 'extensions' the ones Novell asked us to use in Samba:  read
> the cleartext password, then attempt a bind with it, or has this been
> improved?
> Andrew Bartlett

More information about the krbdev mailing list