Winbindd change password request
Alexey Kobozev
cobedump at gmail.com
Tue Jun 13 14:01:00 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexey Kobozev wrote:
>
>> Actually we did a small patch to winbindd in order to try
>> this out and when doing it from its context I don't need
>> to know a thing about any credentials in order to search
>> in any trusted AD domain. Using some external library I'll
>> need credentials to bind to AD.
>>
>> I just though that if winbindd is already providing
>> functionality to work with AD, it is a right place to
>> put some searching capabilities in it.
>
> Would you mind sending the patch ?
>
> Piggy backing off the machine credentials which seems
> in inappropriate to me for general searches, but I'd like
> to see what you did before passing judgment.
>
That's it - seems like it's not so good from security perspective -
any user we'll be able to perform searches like that. Maybe making this
functionality available for root only will make things better?
-Alexey
More information about the samba-technical
mailing list