Web lists-archives.com

Re: [Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.





To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.

Rowland

True! I agree with you Rowland that is a weakness. Unfortunately that is a universal weakness shared by all password-based authentication methods. I guess you would have to go with SSH-style encryption keys and certificates to circumvent that problem entirely which might bamboozle ordinary website users.

Dynamic bind does remove the need to create an extra special omnipotent account with a never-expiring password though. So on that basis I am saying it is more secure (but not absolutely secure since there are no absolutes in life heh ;) )

Cheers
Stephen Ellwood


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba