Winbindd change password request

Andrew Bartlett abartlet at
Tue Jun 20 11:32:23 GMT 2006

On Tue, 2006-06-20 at 12:50 +0200, Volker Lendecke wrote:
> On Tue, Jun 20, 2006 at 11:44:45AM +0200, Alexey Kobozev wrote:
> > Thanks Andrew! We're looking forward for comment from RPC guys.
> Why do you have to do that in winbind at all? I can see all
> the advantages, but this is nothing that requires the
> machine credentials or NSS access. For PAM I see the
> argument that we want the PAM libs to be as small as
> possible. What is your exact application for this? Could you
> affort to fork a process?

The application is for VPNs, which use MSCHAPv2.  The RADIUS server/pppd
might have to process this type of password change, because the password
might have expired before login. 

I think this is useful for winbindd to do, because otherwise ntlm_auth
would need to do the DC location and contact itself, and get past the
'restrict anonymous' settings on the DC (using the machine account).  As
such, it seems easier to have winbindd handle this :-)

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list