Why Samba didn't use pam to hook into cracklib

Andrew Bartlett abartlet at samba.org
Sun Apr 10 05:12:50 GMT 2005


On Sat, 2005-04-09 at 21:53 -0700, Howard Chu wrote:

> I guess it's worth considering for those sites that use a non-LDAP hdb 
> backing store. For sites that use the Heimdal KDC backed by LDAP there's 
> really no reason to do password changes through anything besides LDAP.

I'm not exactly sure what you mean here - from the 'Samba' point of
view, I see that I should support every (secure) available system for
password changing.  I can't force my Windows clients to talk to LDAP
directly, and setting up Linux clients to do pam_krb5 for both
authentication and password changes is well worthwhile.

If you mean that the cleartext should be delivered to the directory
server, then yes, this is how I see things.

I should get back to Heimdal hacking some time, and get the plaintext
password set into hdb-ldap...

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net