Bug 2874 - Password change -- Wbinfo and Winbind allow BOTH OLD & NEW passwords to work..
abartlet at samba.org
Tue Oct 4 01:04:11 GMT 2005
On Tue, 2005-10-04 at 07:30 +1000, Andrew Bartlett wrote:
> On Mon, 2005-10-03 at 13:11 -0700, Jeremy Allison wrote:
> > On Mon, Oct 03, 2005 at 04:00:17PM -0400, Brian Moran wrote:
> > > One of our employees is seeing that BOTH old and new passwords work just
> > > after he's changed his password on the domain...
> > >
> > >
> > > Looks like this is the same as 2874. What additional information is
> > > required to verify and squash this one?
> > Debug level 10 log from winbindd. I wonder if it's authenticating
> > against a pdc and bdc which haven't replicated yet, or it's password
> > history....
> That will be the bit to test, I'll see if I can add it to my
> RPC-SAMLOGON test.
I've added tests, and it appears that old passwords are valid for a
network login, but not an 'interactive' login. Even weirder, the old
password logins do not return a session key...
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net