Only allow SeMachineAccountPrivilege on machine accounts
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 26 15:24:43 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Andrew Bartlett wrote:
| This patch restricts their operation to resetting
| only the passwords of workstations. This better matches
| what I was expecting, and I hope it matches windows better.
After looking at this some more, I'm not sure it is quite
correct. It prevents any administrative user_info changes
unless it is a machine account and the connected user
posseses the SeMachineAccountPrivilege right.
This means that root can no longer set passwords for
users either. I'm going to clean this up and check it in.
Let me know if you see any problems with the patch.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical