[Dovecot] Concerned about Dovecot's new NTLM code

Andrew Bartlett abartlet at samba.org
Mon Sep 27 12:57:48 EEST 2004


On Mon, 2004-09-27 at 19:26, Karl Latiss wrote:
> Maybe I'm missing something here, but with LDAP as a backend single
> sign-on seems to work just fine for Samba (and therefore Windows),
> email, FTP, you name it. I only have to manage the users in LDAP - no
> other DB at all.

There are issues with what attributes passwords are stored in, access to
those passwords and what format they are in.

For example, Samba reads and uses the sambaNTPassword and
sambaLMPassword, but OpenLDAP (and other applications) don't use these
by default, when authenticating a login.  I'm not entirely sure what
dovecot wants to use, but it's likewise 'yet another password'.  Oh, and
I hate 'password sync' issues.  

I have solutions I use to avoid all these problems (even Kerberos!), but
they are not yet mainstream - what I'm doing here is trying to avoid
another application that will 'break' without it's own special password.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040927/206c1962/attachment.pgp


More information about the dovecot mailing list