[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1435-g56a0f99

Andrew Bartlett abartlet at samba.org
Tue Sep 8 19:17:51 MDT 2009 

On Tue, 2009-09-08 at 20:09 -0500, Andrew Kroeger wrote:
> Matthias Dieter Wallnöfer wrote:
> > commit fdd62e9699b181a140292689fcd88a559bc26211
> > Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
> > Date:   Wed Aug 19 12:37:11 2009 +0200
> > 
> >     s4: Let the "setpassword" script finally use the "samdb_set_password" routine
> >     
> >     The "setpassword" script should use the "samdb_set_password" call to change
> >     the NT user password. Windows Server tests show that "userPassword" is not the
> >     right place to save the NT password and does not inherit the password complexity.
> 
> Matthias:
> 
> I had to locally revert this commit (along with 
> 9c4827e433e675292892bc82743d885b53574c9a, which builds on it) in order 
> to get the samba4.blackbox.passwords test to pass.
> 
> I apologize for not having more error detail on this one, but I remember 
> that the setpassword commands in testprogs/blackbox/test_passwords.sh 
> were failing with an error from the kludge_acl module because the user 
> attempting the change is not SYSTEM or Administrator.
> 
> The failures should be readily apparent when running the
> samba4.blackbox.passwords test.

Also, I'm really not sure what this change achieves.  For this to
enforce password rules, the script becomes the trusted party - but that
is the role of the database/server not the client.  

Also, there should be no barrier to this script should operating over
LDAP in future, and we have to accept and quality-check passwords over
LDAP anyway.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090909/27a41c6e/attachment.pgp>

More information about the samba-technical mailing list