Winbindd change password request

Alexey Kobozev cobedump at
Wed Jun 21 16:12:01 GMT 2006

Volker Lendecke wrote:
> On Tue, Jun 20, 2006 at 09:32:23PM +1000, Andrew Bartlett wrote:
>>> Why do you have to do that in winbind at all? I can see all
>>> the advantages, but this is nothing that requires the
>>> machine credentials or NSS access. For PAM I see the
>>> argument that we want the PAM libs to be as small as
>>> possible. What is your exact application for this? Could you
>>> affort to fork a process?
>> The application is for VPNs, which use MSCHAPv2.  The RADIUS server/pppd
>> might have to process this type of password change, because the password
>> might have expired before login. 
>> I think this is useful for winbindd to do, because otherwise ntlm_auth
>> would need to do the DC location and contact itself, and get past the
>> 'restrict anonymous' settings on the DC (using the machine account).  As
>> such, it seems easier to have winbindd handle this :-)
> Ok, next question: Why not handle this in the appropriate
> winbind child?

I'm not sure I understand what you mean.
Could you please be more specific?


More information about the samba-technical mailing list