s4: Let the "setpassword" script finally use the "samdb_set_password" routine

Matthias Dieter Wallnöfer mwallnoefer at yahoo.de
Thu Sep 10 05:51:44 MDT 2009


Andrew,

I'll revert this change soon!

Matthias

Andrew Bartlett schrieb:
> On Wed, 2009-09-09 at 19:17 +0200, Matthias Dieter Wallnöfer wrote:
>   
>> Hi Andrew!
>>
>> I wanted to achieve that the "setpassword" tool uses the 
>> "samdb_set_password" call so at least it should enforce now the password 
>> policies.
>>     
>
> But changing the client doesn't enforce the policies.  setpassword is a
> client here (despite doing local DB interaction).  It should remain as
> simple as possible, just like an LDAP client.  Policy enforcement
> belongs in the server, so it applies to everything - LDAP clients
> included (ie, it needs to be in the LDB modules, or something they
> call). 
>
>   
>> Regarding "userPassword": on Windows Server 2003 I set it to a certain 
>> value (hash) but wasn't able to login afterwards with it. Are you sure 
>> that this attribute is also used for saving the login password?
>>     
>
> It takes a plaintext UTF8 string as I understand it (and if it doesn't
> that's what I want Samba to accept). 
>
> The other attribute that can be set (and is used by Windows clients!) is
> "unicodePwd" which takes a quoted unicode string, but that's a right
> pain to construct in python. 
>
> Andrew Bartlett
>
>   




More information about the samba-technical mailing list