Winbindd change password request
Andrew Bartlett
abartlet at samba.org
Tue Jun 20 11:32:23 GMT 2006
On Tue, 2006-06-20 at 12:50 +0200, Volker Lendecke wrote:
> On Tue, Jun 20, 2006 at 11:44:45AM +0200, Alexey Kobozev wrote:
> > Thanks Andrew! We're looking forward for comment from RPC guys.
>
> Why do you have to do that in winbind at all? I can see all
> the advantages, but this is nothing that requires the
> machine credentials or NSS access. For PAM I see the
> argument that we want the PAM libs to be as small as
> possible. What is your exact application for this? Could you
> affort to fork a process?
The application is for VPNs, which use MSCHAPv2. The RADIUS server/pppd
might have to process this type of password change, because the password
might have expired before login.
I think this is useful for winbindd to do, because otherwise ntlm_auth
would need to do the DC location and contact itself, and get past the
'restrict anonymous' settings on the DC (using the machine account). As
such, it seems easier to have winbindd handle this :-)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060620/9359b416/attachment.bin
More information about the samba-technical
mailing list