[PATCH] Local password database
Andrew Bartlett
abartlet at samba.org
Tue Jul 18 06:30:09 GMT 2006
On Fri, 2006-07-14 at 10:34 -0400, simo wrote:
> On Fri, 2006-07-14 at 16:15 +1000, Andrew Bartlett wrote:
> > This patch, developed in my efforts to have Samba4 back onto an arbitary
> > LDAP server, provides a local password database, for remote entries.
> >
> > The local_password module takes advantage of the partitions module to
> > redirect password-like attributes to a different partition. There are a
> > few use cases:
> > - Testing against AD. We could aim the main partition at AD, and use
> > the passwords module to keep local passwords, where we can put them with
> > SamSync (as they are not available to read on LDAP)
> >
> > - Backing Samba4 onto a non-LDAP authentication system. I am working
> > with a system where the passwords are not in LDAP, but are instead
> > synchronized between all systems by another deamon. This system ensures
> > multi-master operation (better than what OpenLDAP can do), because with
> > passwords, the last writer always wins.
> >
> > I was asked to post these patches for seperate review, so here is the
> > local_password module, and it's required changes.
>
> 1 comment and 1 questions.
>
> You seem to not check if there is anything in the msg after you remove
> all passwords elements on modify.
>
> Why do you keep the passwords in the same ldap tree through a partition?
> I do not think they should be exposed at all directly, I would just open
> a completely separate ldb on module initialization and store the
> passwords there.
That is entirely possible. This was easier at the time, but as the
partitions module shows, it isn't that hard to open a new database.
> Why don't you create an alternative password_hash module in this case?
> It would make more sense to me to handle all password related stuff in a
> single module and choose which module to use based on what we need to
> do.
I did not wish to duplicate that much carefully constructed code. I
feel that the task of redirection is separate from the task of hashing
the password.
> > The main questions I have are: should I commit this module, and should
> > it be enabled by default?
>
> I am not sure this is the right way and we are adding a lot of stuff
> about passwords with our custom fields that we will need to change
> later, I'd like to use the same attribute names Windows use for
> compatibility so that you do not even have to strip them out before
> committing changes (we want an eventual AD backend and our LDAP to be in
> sync don't we?).
> As we are storing the passwords in a separate db it does not matter
> whether the storage format is the same or not.
This reminds me, we still have that crypto challenge to crack on DRSUAPI, so we can stop guessing...
> I would not definitely not enable this by default. I see all the LDAP
> backend stuff as optional. I want to be sure we do not depend on it.
I understand this, however I'm a bit worried that non-default codepaths
will be lost in the next ldb rewrite.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060718/263a801d/attachment.bin
More information about the samba-technical
mailing list