[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1435-g56a0f99
Andrew Bartlett
abartlet at samba.org
Tue Sep 8 19:17:51 MDT 2009
On Tue, 2009-09-08 at 20:09 -0500, Andrew Kroeger wrote:
> Matthias Dieter Wallnöfer wrote:
> > commit fdd62e9699b181a140292689fcd88a559bc26211
> > Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
> > Date: Wed Aug 19 12:37:11 2009 +0200
> >
> > s4: Let the "setpassword" script finally use the "samdb_set_password" routine
> >
> > The "setpassword" script should use the "samdb_set_password" call to change
> > the NT user password. Windows Server tests show that "userPassword" is not the
> > right place to save the NT password and does not inherit the password complexity.
>
> Matthias:
>
> I had to locally revert this commit (along with
> 9c4827e433e675292892bc82743d885b53574c9a, which builds on it) in order
> to get the samba4.blackbox.passwords test to pass.
>
> I apologize for not having more error detail on this one, but I remember
> that the setpassword commands in testprogs/blackbox/test_passwords.sh
> were failing with an error from the kludge_acl module because the user
> attempting the change is not SYSTEM or Administrator.
>
> The failures should be readily apparent when running the
> samba4.blackbox.passwords test.
Also, I'm really not sure what this change achieves. For this to
enforce password rules, the script becomes the trusted party - but that
is the role of the database/server not the client.
Also, there should be no barrier to this script should operating over
LDAP in future, and we have to accept and quality-check passwords over
LDAP anyway.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090909/27a41c6e/attachment.pgp>
More information about the samba-technical
mailing list