Winbindd change password request
Alexey Kobozev
cobedump at gmail.com
Wed Jun 21 16:12:01 GMT 2006
Volker Lendecke wrote:
> On Tue, Jun 20, 2006 at 09:32:23PM +1000, Andrew Bartlett wrote:
>>> Why do you have to do that in winbind at all? I can see all
>>> the advantages, but this is nothing that requires the
>>> machine credentials or NSS access. For PAM I see the
>>> argument that we want the PAM libs to be as small as
>>> possible. What is your exact application for this? Could you
>>> affort to fork a process?
>> The application is for VPNs, which use MSCHAPv2. The RADIUS server/pppd
>> might have to process this type of password change, because the password
>> might have expired before login.
>>
>> I think this is useful for winbindd to do, because otherwise ntlm_auth
>> would need to do the DC location and contact itself, and get past the
>> 'restrict anonymous' settings on the DC (using the machine account). As
>> such, it seems easier to have winbindd handle this :-)
>
> Ok, next question: Why not handle this in the appropriate
> winbind child?
I'm not sure I understand what you mean.
Could you please be more specific?
Thanks!
More information about the samba-technical
mailing list