--=-76vppKIWaS0NgN6R7zud
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2005-02-17 at 02:34 +1100, Andrew Tridgell wrote:
> Volker,
>=20
> > Agreed. But doing the ntlm(2?) bind with the machine account is ok? II=

RC this
> > can't be done in the windows world, but I think samba could implement =

this
> > without the need for kerberos I think.

>=20
> I'll leave it up to abartlet and you to work out - I'm just flagging
> that allowing anonymous access to this is not good.


I'm certainly not happy with an NTLM bind, mostly because we can't
handle the trusted domain case for:

Samba Server -> Windows Doamin (primary)
-> Samba domain (trusted)

It also just does not match windows behaviour.

For our primary domain, then a schannel bind is appropriate. For
trusted domains, this is harder to get right.

Andrew Bartlett =20

--=20
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

--=-76vppKIWaS0NgN6R7zud
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBCE7UKz4A8Wyi0NrsRAlAEAKCKIwqZRxi9HD/aU0O4sNvgVS8NsACfUgaL
Wg1YehheUGucoiKRjbQ3Cb4=
=ZFx4
-----END PGP SIGNATURE-----

--=-76vppKIWaS0NgN6R7zud--