[Samba] samba-tool user syncpasswords / getpassword usage and clarifications
Andrew Bartlett
abartlet at samba.org
Fri Oct 21 10:31:44 UTC 2016
On Wed, 2016-10-19 at 10:10 +0200, Stefan Metzmacher via samba wrote:
> Hi Dennis,
>
> >
> >
> > If this is the way it works, I was wondering if is there a reason
> > why
> > not directly storing the required hashes (ssha1, ssha256, etc.)
> > into the
> > supplementalCredentials attribute on the DC doing the password
> > change?
>
> Because it's much more flexible that way and you can construct any
> new
> hashing scheme that will be invented in future.
>
> If someone wants to implement storing a set of pre-calculated hashes,
> maybe in a Primary:SambaHashes field, that would also be fine in
> order
> to make it even more flexible and avoid storing the cleartext at all.
I hope we can get this at some point. (I think we both agree it is
primarily a matter of finding the dev hours, not any problem with the
idea).
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list