[samba-tng] sam tdb password verification problem
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 1 08:00:00 GMT 2000
ok. how do i test passwords????
it's all through the samr API.
i have a function to _set_ passwords. 3, in fact. 1 for users, 2 for
all the password get samr apis specifically _don't_ return the password.
with the private/smbpasswd api, you call get_smbpwd_entry() in netlogond,
and you're happy. right?
well, i don't _have_ a get_smbpwd_entry() for use in netlogond!
i was thinking of combining netlogond and samrd like how microsoft do
NETLOGON and samr in LSASS.EXE.
i think i might have to add either a special info level to the samr
password API to get the password hashes, or a special "private" function
to samr to _check_ the 8-chal/var-resps, _or_ use the tdb password code in
netlogond once it's written.
none of which are particularly appealing. a "private" function is, if i
tink about it, out of the question, that's netlogond's job to deal with
chal/response generation/checking, which leaves a special info level or
tdb access code.
a special info level is better as it makes netlogond more generic
[independent of the underlying password database api code, tdb, ldap or
this is awkward!
More information about the samba-technical