Winbindd change password request

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jun 20 11:35:27 GMT 2006


On Tue, Jun 20, 2006 at 09:32:23PM +1000, Andrew Bartlett wrote:
> > Why do you have to do that in winbind at all? I can see all
> > the advantages, but this is nothing that requires the
> > machine credentials or NSS access. For PAM I see the
> > argument that we want the PAM libs to be as small as
> > possible. What is your exact application for this? Could you
> > afford to fork a process?
> 
> The application is for VPNs, which use MSCHAPv2.  The RADIUS server/pppd
> might have to process this type of password change, because the password
> might have expired before login. 
> 
> I think this is useful for winbindd to do, because otherwise ntlm_auth
> would need to do the DC location and contact itself, and get past the
> 'restrict anonymous' settings on the DC (using the machine account).  As
> such, it seems easier to have winbindd handle this :-)

Ok, next question: Why not handle this in the appropriate
winbind child?

Volker