Winbindd change password request

Alexey Kobozev cobedump at
Tue Jun 13 14:01:00 GMT 2006

Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Alexey Kobozev wrote:
>> Actually we did a small patch to winbindd in order to try 
>> this out and when doing it from its context I don't need
>> to know a thing about any credentials in order to search
>> in any trusted AD domain. Using some external library I'll
>> need credentials to bind to AD.
>> I just though that if winbindd is already providing 
>> functionality to work with AD, it is a right place to
>> put some searching capabilities in it.
> Would you mind sending the patch ?
> Piggy backing off the machine credentials which seems
> in inappropriate to me for general searches, but I'd like
> to see what you did before passing judgment.

That's it - seems like it's not so good from security perspective -
any user we'll be able to perform searches like that. Maybe making this
functionality available for root only will make things better?


More information about the samba-technical mailing list