Hi! I'm just starting to jump into freeipa/ldap, and have another question about it. Basically, you have LDAP, which from everything I read, is just a directory server. It's sole purpose is like a phone book. Integrated (or on top of) ldap, you can have authentication. There's kerberos, smb/ldap, etc...
Now, my question is when you add something like "smb/windows" authentication, do you just add a field in LDAP so it stores the password hashes (and other windows stuff)? When you "extend" the schema, is all you're doing is adding the fields to the ldap database to allow the storage of this? If this is the case, what prevents a malicious user from dumping the hashes to the passwords? I know this is really a basic question, but it would help me understand how all this works. Thanks, Mike _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users