Winbindd change password request

Andrew Bartlett abartlet at
Tue Jun 13 14:22:00 GMT 2006

On Tue, 2006-06-13 at 16:01 +0200, Alexey Kobozev wrote:
> Gerald (Jerry) Carter wrote:
> > Hash: SHA1
> > 
> > Alexey Kobozev wrote:
> > 
> >> Actually we did a small patch to winbindd in order to try 
> >> this out and when doing it from its context I don't need
> >> to know a thing about any credentials in order to search
> >> in any trusted AD domain. Using some external library I'll
> >> need credentials to bind to AD.
> >>
> >> I just though that if winbindd is already providing 
> >> functionality to work with AD, it is a right place to
> >> put some searching capabilities in it.
> > 
> > Would you mind sending the patch ?
> > 
> > Piggy backing off the machine credentials which seems
> > in inappropriate to me for general searches, but I'd like
> > to see what you did before passing judgment.
> > 
> That's it - seems like it's not so good from security perspective -
> any user we'll be able to perform searches like that. Maybe making this
> functionality available for root only will make things better?

I'm a little lost how this would be different to 'net ads search -P', ie
using the machine account password from the secrets.tdb, except that you
could benefit from the DC location logic.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list