[s4] Passwords work

Matthias Dieter Wallnöfer mdw at samba.org
Mon Feb 22 02:56:14 MST 2010

Hi abartlet,

Andrew Bartlett wrote:
> It should just require that you use ldaps:// at the front of the URL.
> Also, it no longer just requires SSL, if the connection is encrypted
> with GSSAPI, then that should work too.
I tried much but didn't succeed. How do you connect using GSSAPI with s4 
as client (didn't figure out)?
> But my biggest concern is that I can't see how you have set up proper
> access control to these attributes.  How do you ensure that users can do
> password changes, but only administrators can do a password reset?
This task should take Nadja since it will require some ACL checking 
where I'm not specialist in. And she assured me to do this when she has 
> I also wonder if it's best to use XXXXX and YYYY for dummy values, to
> try and prove you can't change certain values.  It may be valuable to
> use values that would otherwise by semantically correct.
But I think those are valid (but very unlikely) hashes with 16 
characters and the test should show, that we always get "unwilling to 
perform" if we haven't specified the hash control.
> But overall I'm very impressed, and I look forward to reviewing this
> more - we critically need this work.
I think that's my biggest work until now for s4. But it's a very needed one.


More information about the samba-technical mailing list