Samba4: Changing a user's passwd via LDAP
Lukasz Zalewski
lukas at dcs.qmul.ac.uk
Fri Aug 20 09:28:15 MDT 2010
Michael, Zahari
On 08/20/2010 04:26 PM, Michael Wood wrote:
> Hi Zahari
>
> On 20 August 2010 16:45, Zahari Zahariev<zahari.zahariev at gmail.com> wrote:
>> On 8/20/10, Lukasz Zalewski<lukas at dcs.qmul.ac.uk> wrote:
> [...]
>>> However i have noticed a strange thing. using the included script with
>>> kinit user1 at mydomain
>>> i have managed to change the password for userb - again it requires to
>>> know the userb old password - is this intended behaviour?
>>
>> Hi Lukasz,
>>
>> For the last question you pose -- yes this is the exact desired
>> behavior. If you have no admin rights you shoud be providing the old
>> password.
>
> I think he's saying that he can authenticate as userA, but change
> userB's password. Even though he needs userB's old password, this
> seems to me like it should not be allowed. On the other hand, if you
> have the old password, you can just log in as the other user anyway,
> so maybe it makes no difference.
yes that is what i meant :)
>
> This has been discussed recently. e.g. see the thread with the
> subject "Extended request in kludge acl".
>
More information about the samba-technical
mailing list