Re: contrib modules to promote to mainline for 2.5?
Le 23/04/2020 à 15:44, Michael Ströder a écrit : > On 4/23/20 2:47 PM, Clément OUDOT wrote: >> Le 22/04/2020 à 18:15, Quanah Gibson-Mount a écrit : >>> Are there any contrib modules that we should consider promoting to >>> mainline for the 2.5 series? I.e., sha2, argon2 seem like potential >>> options. >> Maybe smbk5pwd module and autogroup overlay? > Is smbk5pwd really useful today? > > I'm asking although I made use of it in former deployments. > > 1. Kerberos functionality does not work with MIT Kerberos. > > 2. AFAICS NTLM password hashes (WinNT domain) will stop working with > newer Windows versions. At least that's what I understood on the Samba > mailing lists. Also storing NT password hashes is a security nightmare. It can be useful to maintain compatibility with old systems. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com
Re: contrib modules to promote to mainline for 2.5?
On 4/23/20 2:47 PM, Clément OUDOT wrote: > > Le 22/04/2020 à 18:15, Quanah Gibson-Mount a écrit : >> Are there any contrib modules that we should consider promoting to >> mainline for the 2.5 series? I.e., sha2, argon2 seem like potential >> options. > > Maybe smbk5pwd module and autogroup overlay? Is smbk5pwd really useful today? I'm asking although I made use of it in former deployments. 1. Kerberos functionality does not work with MIT Kerberos. 2. AFAICS NTLM password hashes (WinNT domain) will stop working with newer Windows versions. At least that's what I understood on the Samba mailing lists. Also storing NT password hashes is a security nightmare. Ciao, Michael.
Re: contrib modules to promote to mainline for 2.5?
Le 22/04/2020 à 18:15, Quanah Gibson-Mount a écrit : > Are there any contrib modules that we should consider promoting to > mainline for the 2.5 series? I.e., sha2, argon2 seem like potential > options. > > Maybe smbk5pwd module and autogroup overlay? For autogroup overlay, it depends on the new features of dynlist overlay (compatibility with memberOf for example) -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com
Re: contrib modules to promote to mainline for 2.5?
On Wed, Apr 22, 2020 at 07:41:40PM +0200, Michael Ströder wrote: > On 4/22/20 6:15 PM, Quanah Gibson-Mount wrote: >> Are there any contrib modules that we should consider promoting to >> mainline for the 2.5 series? I.e., sha2, argon2 seem like potential >> options. > > +1 for pw-sha2 and pw-argon2. > > FWIW: > slapo-noopsrch and slapo-lastbind is what I use in almost every > installation. Might want to improve the core lastbind support to make that overlay obsolete instead? -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP