conflict between new password must change code and force uninitialized passwords

Jim McDonough jmcd at themcdonoughs.org
Mon Oct 2 02:03:29 GMT 2006


On 10/1/06, Jim McDonough <jmcd at samba.org> wrote:
>
> I've found a conflict between the new "password must change at next logon"
> code and the forcing of "uninitialized" passwords keyed off of the
> pass_last_set_time of zero.  My suspicion is that the pass_last_set_time of
> zero was misinterpreted, but I'm going to run some vampire tests to verify
> this.  At least in the user_info_21 and _23 structures, Windows uses 0 to
> mean "must change at next logon".
>
> So basically, right now, if you set this flag, your password will be
> cleared out.
>

So my latest bzr http://people.samba.org/bzr/jmcd/SAMBA_3_0-pw.bzr/ has this
changed.  I didn't change the vampire code to not clear out the passwords,
but if you agree this is the right way to treat a zero in this field, I'll
fix the vampire code too.  I'm pretty sure we just interpreted it
incorrectly before.
