Re: password API needed

Jean-Francois Micouleau (Jean-Francois.Micouleau@utc.fr)
Tue, 12 May 1998 23:07:29 +0200 (MET DST)

Date:	Tue, 12 May 1998 23:07:29 +0200 (MET DST)
From:	Jean-Francois Micouleau <Jean-Francois.Micouleau@utc.fr>
To:	Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Subject: Re: password API needed
In-Reply-To: <Pine.LNX.3.96.980512194421.2990K-100000@regent.cb1.com>

On Tue, 12 May 1998, Luke Kenneth Casson Leighton wrote:

> > You have to make the distinction between users and trust accounts.
>
> why? not in my book you don't, and not in an NT SAM you don't. trust
> accounts _are_ SAM users, but just with a different ACB_xxxx value.

Your book? You found good books on Microsoft #]}]&~i" protocols?

I mean with trust accounts you don't care about unix password
synchronization. Those have to be totally hidden from the user/admin side.

> > I don't like it, I prefer to follow RFC2037.
> wossat, then? what's that say (in a nutshell)

I said I prefer to store the password as proposed in RFC 2037, because the
NT5 schema is not stable right now. We can take a look at the NT5 schema (to
know what it looks like) but I'm sure it's not the definitive one that will
be in the shipping version of NT5.

> then we will have to invent / use what microsoft does, which is to
> obfuscate with a long-term session key.

It's in the case where you want to store a clear text password. If you want
to obfuscate, you need to patch slapd, hmm.
I should look on the Critical Angle repository web server; there was
something there.

Is there any LDAP guru on this list?

Jean Francois

-----------------------------------------------------------
Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
try to install Windows NT !"
-----------------------------------------------------------