Samba4: Changing a user's passwd via LDAP

Michael Wood esiotrot at gmail.com
Fri Aug 20 09:26:31 MDT 2010


Hi Zahari

On 20 August 2010 16:45, Zahari Zahariev <zahari.zahariev at gmail.com> wrote:
> On 8/20/10, Lukasz Zalewski <lukas at dcs.qmul.ac.uk> wrote:
[...]
>> However I have noticed a strange thing. Using the included script with
>> kinit user1 at mydomain
>> I have managed to change the password for userb - again it requires to
>> know the userb old password - is this intended behaviour?
>
> Hi Lukasz,
>
> For the last question you pose -- yes this is the exact desired
> behavior. If you have no admin rights you should be providing the old
> password.

I think he's saying that he can authenticate as userA, but change
userB's password.  Even though he needs userB's old password, this
seems to me like it should not be allowed.  On the other hand, if you
have the old password, you can just log in as the other user anyway,
so maybe it makes no difference.

This has been discussed recently.  e.g. see the thread with the
subject "Extended request in kludge acl".

-- 
Michael Wood <esiotrot at gmail.com>

