Author: abartlet
Date: 2004-10-26 22:18:56 +0000 (Tue, 26 Oct 2004)
New Revision: 106

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/samba4-ad-thesis&rev=106&nolog=1

Log:
Fix the other 'invisible footnote' (crh's credit) and clarify how we store and use passwords, from comments by Gémes Géza <[EMAIL PROTECTED]>.

Andrew Bartlett

Modified:
   trunk/samba4-ad-thesis/chapters.lyx

Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx =================================================================== --- trunk/samba4-ad-thesis/chapters.lyx 2004-10-26 12:27:18 UTC (rev 105) +++ trunk/samba4-ad-thesis/chapters.lyx 2004-10-26 22:18:56 UTC (rev 106) @@ -936,24 +936,19 @@ It keeps track of the common authentication database that is shared by the SMB servers in the Domain. The SMB servers query the DC when a client requests access to SMB services. - -\begin_inset Foot -collapsed false - -\layout Standard - -Image and text (c) Chris Hertel + (Image and text (c) Chris Hertel \begin_inset LatexCommand \citep{hertel} \end_inset -, http://www.ubiqx.org/cifs/figures/smb-15.html +, +\family typewriter +http://www.ubiqx.org/cifs/figures/smb-15.html +\family default +) \end_inset -\end_inset - - \layout Standard For an authentication system to be secure, it must be possible to trust 
@@ -3299,10 +3294,15 @@ A few aspects of the hdb-ldb development created problems, due to the structure and assumptions in the original Heimdal code. - In particular, hdb-ldb is unique in Heimdal in that it contains plain-text + In particular, hdb-ldb is unique in Heimdal in that it may contain plain-text passwords, not the hashed encryption keys. - This required a minor code restructure, that has not been included by Heimdal's - developers into current snapshots. + Storing the plaintext password is required when the `store password with + reversable encryption' flag is set, and doing so by default has allowed + easier initial development. + In this case, we `hash' the passwords on the fly, but we can also store + the pre-hashed password if the plaintext is not available. + These requirements required a minor code restructure, that has now been + included by Heimdal's developers into current snapshots. \layout Subsection No PAC at this stage
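Review bot: In the first hunk (@@ -936), the credit is now wrapped in parentheses in the running text while still using \citep{hertel}, which is a parenthetical citation, so the rendered line will nest brackets inside "(Image and text (c) Chris Hertel ...)". Consider a non-parenthetical citation form for this one reference, or drop the outer parentheses, so the credit and URL read cleanly now that they are no longer in a footnote.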
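Review bot: In the second hunk (@@ -3299), the added text says storing the plaintext password "by default has allowed easier initial development" but does not say whether that default is meant to remain. Since the same paragraph notes that the pre-hashed password can be stored when the plaintext is not available, a sentence stating the intended default outside the `store password with reversable encryption' case would make the security position explicit. Smaller points in the same added lines: "reversable" should be "reversible", "These requirements required" repeats itself ("Supporting both forms required" would read better), and the quoted `hash' could be stated directly as deriving the encryption keys from the plaintext, to match "hashed encryption keys" in the preceding sentence.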