Winbindd change password request

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jun 20 11:35:27 GMT 2006

On Tue, Jun 20, 2006 at 09:32:23PM +1000, Andrew Bartlett wrote:
> > Why do you have to do that in winbind at all? I can see all
> > the advantages, but this is nothing that requires the
> > machine credentials or NSS access. For PAM I see the
> > argument that we want the PAM libs to be as small as
> > possible. What is your exact application for this? Could you
> > affort to fork a process?
> The application is for VPNs, which use MSCHAPv2.  The RADIUS server/pppd
> might have to process this type of password change, because the password
> might have expired before login. 
> I think this is useful for winbindd to do, because otherwise ntlm_auth
> would need to do the DC location and contact itself, and get past the
> 'restrict anonymous' settings on the DC (using the machine account).  As
> such, it seems easier to have winbindd handle this :-)

Ok, next question: Why not handle this in the appropriate
winbind child?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list