Winbindd change password request
Andrew Bartlett
abartlet at samba.org
Wed Jun 7 16:43:30 GMT 2006
On Wed, 2006-06-07 at 13:06 +0200, Alexey Kobozev wrote:
> Hi list!
>
> I'm implementing the authentication against AD using MSCHAPv2
> protocol including the password change. As far as I see the
> latest Samba has the only plain text password change request
> to winbindd - WINBINDD_PAM_CHAUTHTOK, but during MSCHAPv2
> change password I don't have an old plaintext password.
>
> I've checked the sources and it seems to me quite simple task.
> WINBINDD_PAM_CHAUTHTOK converts new and old plain text password
> to 4 pieces: new_nt_password, old_nt_hash_enc, new_lm_password and
> old_lanman_hash_enc -> then sends request through RPC. During the
> MSCHAPv2 I already has these 4 parameters, so I just need an ability
> to send them through the winbindd request.
>
>
> So my question is are you guys planning to implement this
> functionality? Or can this be available as a patch or a part of
> next release?
So, the best way to do this would be to extend ntlm_auth with a new
helper protocol, which supplies these parameters. Then the winbind
protocol can be extended, and the backend fixed up.
I'm happy to help review patches to do this.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060607/76476336/attachment.bin
More information about the samba-technical
mailing list