Re: [Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
- Date: Wed, 10 Apr 2019 16:25:47 +0100
- From: Stephen via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.
True! I agree with you Rowland that is a weakness. Unfortunately that is
a universal weakness shared by all password-based authentication
methods. I guess you would have to go with SSH-style encryption keys and
certificates to circumvent that problem entirely which might bamboozle
ordinary website users.
Dynamic bind does remove the need to create an extra special omnipotent
account with a never-expiring password though. So on that basis I am
saying it is more secure (but not absolutely secure since there are no
absolutes in life heh ;) )
To unsubscribe from this list go to the following URL and read the