Samba4: Changing a user's passwd via LDAP

Lukasz Zalewski lukas at
Fri Aug 20 09:28:15 MDT 2010

Michael, Zahari
On 08/20/2010 04:26 PM, Michael Wood wrote:
> Hi Zahari
> On 20 August 2010 16:45, Zahari Zahariev<zahari.zahariev at>  wrote:
>> On 8/20/10, Lukasz Zalewski<lukas at>  wrote:
> [...]
>>> However i have noticed a strange thing. using the included script with
>>> kinit user1 at mydomain
>>> i have managed to change the password for userb - again it requires to
>>> know the userb old password - is this intended behaviour?
>> Hi Lukasz,
>> For the last question you pose -- yes this is the exact desired
>> behavior. If you have no admin rights you shoud be providing the old
>> password.
> I think he's saying that he can authenticate as userA, but change
> userB's password.  Even though he needs userB's old password, this
> seems to me like it should not be allowed.  On the other hand, if you
> have the old password, you can just log in as the other user anyway,
> so maybe it makes no difference.
yes that is what i meant :)
> This has been discussed recently.  e.g. see the thread with the
> subject "Extended request in kludge acl".

More information about the samba-technical mailing list