s4 password changes
Matthias Dieter Wallnöfer
mdw at samba.org
Mon Aug 16 11:12:53 MDT 2010
Hi Nadya, metze, abartlet,
lately I restarted the effort to solve the s4 password change ACL
problem and I come now up with a slightly different, but cleaner
solution. The big difference now consists in the fact that the control
PASSWORD_CHANGE_PW_CHECKED has been renamed to PASSWORD_CHANGE and does
now also carry the old password as a NT hash and/or LM hash in the
following way:
(samdb.h)
> #define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10"
> +struct dsdb_control_password_change {
> + const struct samr_Password *old_nt_pwd_hash;
> + const struct samr_Password *old_lm_pwd_hash;
> +};
> +
The password_hash module does then proof these. I hope that this will
finally meet your concerns, Nadya.
The whole patchset is to be found under
http://repo.or.cz/w/Samba/mdw.git/shortlog/refs/heads/stuff or
http://gitweb.samba.org/samba.git/?p=mdw/samba.git;a=shortlog;h=refs/heads/stuff.
Matthias
More information about the samba-technical
mailing list