What is PCNS?

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Apr 6 07:19:40 GMT 2005


On Tue, Apr 05, 2005 at 03:36:32PM -0500, Christopher R. Hertel wrote:
> Thing is, PCNS (according to the MS SE) runs on the domain controller, 
> and is accessed via secure RPC.  That'd mean that the client is actually 
> sending the (encrypted) plaintext password over the wire to the DC.

In SFU there's a unix sync daemon that can send password changes to Unix. Unix
gets the new plain text password via some encrypted path. I looked at SFU2.0
once and tried to recompile the Unix part on SuSE. The details suck, but the
message here is that you can obviously hook into the AD password change
routines to grab the new plain text, very much like you can with our unix
password sync mechanism.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050406/e7370cf9/attachment.bin


More information about the samba-technical mailing list