Web lists-archives.com

Re: [Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.


True! I agree with you Rowland that is a weakness. Unfortunately that is a universal weakness shared by all password-based authentication methods. I guess you would have to go with SSH-style encryption keys and certificates to circumvent that problem entirely which might bamboozle ordinary website users.

Dynamic bind does remove the need to create an extra special omnipotent account with a never-expiring password though. So on that basis I am saying it is more secure (but not absolutely secure since there are no absolutes in life heh ;) )

Stephen Ellwood

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba