An alternative plan for principal mapping
Andrew Bartlett
abartlet at samba.org
Thu Aug 3 20:33:59 EDT 2006
On Thu, 2006-08-03 at 13:39 +0530, S Rahul wrote:
> As I said, these are two extensions for enforcing login policy ... not
> for reading user password from the directory.
You miss my point (I described how Novell eDirectory and Samba 3.0
currently do this dance), but is there any documentation on these
extensions, and are these being proposed as standards anywhere?
Samba4 has very similar needs in applying additional access control
steps, and it would save me a lot of work if the standard MIT Kerberos
w/LDAP just happened to ask the questions in a way I can support...
My particular need is for details of both the user and the ticket
addresses they requested (and I suppose, the address the ticket actually
came from). Microsoft hides a netbios name in there, and we need to
check that.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20060804/82c84d9c/attachment.bin
More information about the krbdev
mailing list