Winbindd change password request
abartlet at samba.org
Wed Jun 7 16:43:30 GMT 2006
On Wed, 2006-06-07 at 13:06 +0200, Alexey Kobozev wrote:
> Hi list!
> I'm implementing the authentication against AD using MSCHAPv2
> protocol including the password change. As far as I see the
> latest Samba has the only plain text password change request
> to winbindd - WINBINDD_PAM_CHAUTHTOK, but during MSCHAPv2
> change password I don't have an old plaintext password.
> I've checked the sources and it seems to me quite simple task.
> WINBINDD_PAM_CHAUTHTOK converts new and old plain text password
> to 4 pieces: new_nt_password, old_nt_hash_enc, new_lm_password and
> old_lanman_hash_enc -> then sends request through RPC. During the
> MSCHAPv2 I already has these 4 parameters, so I just need an ability
> to send them through the winbindd request.
> So my question is are you guys planning to implement this
> functionality? Or can this be available as a patch or a part of
> next release?
So, the best way to do this would be to extend ntlm_auth with a new
helper protocol, which supplies these parameters. Then the winbind
protocol can be extended, and the backend fixed up.
I'm happy to help review patches to do this.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060607/76476336/attachment.bin
More information about the samba-technical