Winbindd change password request

Andrew Bartlett abartlet at
Wed Jun 7 16:43:30 GMT 2006

On Wed, 2006-06-07 at 13:06 +0200, Alexey Kobozev wrote:
> Hi list!
> I'm implementing the authentication against AD using MSCHAPv2
> protocol including the password change. As far as I see the
> latest Samba has the only plain text password change request
> to winbindd - WINBINDD_PAM_CHAUTHTOK, but during MSCHAPv2
> change password I don't have an old plaintext password.
> I've checked the sources and it seems to me quite simple task.
> WINBINDD_PAM_CHAUTHTOK converts new and old plain text password
> to 4 pieces: new_nt_password, old_nt_hash_enc, new_lm_password and
> old_lanman_hash_enc -> then sends request through RPC. During the
> MSCHAPv2 I already has these 4 parameters, so I just need an ability
> to send them through the winbindd request.
> So my question is are you guys planning to implement this
> functionality? Or can this be available as a patch or a part of
> next release?

So, the best way to do this would be to extend ntlm_auth with a new
helper protocol, which supplies these parameters.  Then the winbind
protocol can be extended, and the backend fixed up.

I'm happy to help review patches to do this.

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list