I'm just starting to jump into freeipa/ldap, and have another question
about it.  Basically, you have LDAP, which from everything I read, is
just a directory server.  Its sole purpose is like a phone book.
Integrated (or on top of) ldap, you can have authentication.  There's
kerberos, smb/ldap, etc...

Now, my question is when you add something like "smb/windows"
authentication, do you just add a field in LDAP so it stores the
password hashes (and other windows stuff)?  When you "extend" the
schema, is all you're doing adding the fields to the ldap database
to allow the storage of this?  If this is the case, what prevents a
malicious user from dumping the hashes to the passwords?

I know this is really a basic question, but it would help me
understand how all this works.


