[PATCH] Password Locked Account Control
abartlet at samba.org
Fri Jul 12 23:09:02 GMT 2002
Patrick McCarty wrote:
> Attached is a patch against HEAD that provides the 'P' option for
Can you please verify that this is the correct bit to set? Rember, MS
defines them - so we should check. Ethereal should be able to show you.
> I havent been able to test this yet, so use with care.
> Ideally, this would eventually set the "user cannot change password" bit
> to the client, but as Andrew mentioned, this hasnt been fully implemented,
> and I'm not clear as to where in the code that functionality should even
> be. (I am working on it however.)
> I plan on attempting to implement the pwdCanChange as well, as I believe I
> understand how that could be done.
This patch is incorrect. The problem is that there are about 5
different ways you can change a password remotely.
Basiclly, the code needs a general rewrite - at the very lest we need
the BOOLs converted to NTSTATUS.
We don't really have a single 'choke point'. We need to get one, and to
do access control etc there.
change_oem_password() is as close as we get, and thats called *after*
the unix password sync stuff. Sniff around the functions that call
that, and try to get the scope of the problem.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical