[s4] Passwords work

Matthias Dieter Wallnöfer mdw at samba.org
Mon Feb 22 02:56:14 MST 2010


Hi abartlet,

Andrew Bartlett wrote:
> It should just require that you use ldaps:// at the front of the URL.
> Also, it no longer just requires SSL, if the connection is encrypted
> with GSSAPI, then that should work too.
>
I tried a lot but didn't succeed. How do you connect using GSSAPI with s4
as a client (I couldn't figure it out)?
> But my biggest concern is that I can't see how you have set up proper
> access control to these attributes.  How do you ensure that users can do
> password changes, but only administrators can do a password reset?
>
Nadja should take this task, since it will require some ACL checking,
which I'm not a specialist in. And she assured me she would do this when
she has time.
> I also wonder if it's best to use XXXXX and YYYY for dummy values, to
> try and prove you can't change certain values.  It may be valuable to
> use values that would otherwise be semantically correct.
But I think those are valid (but very unlikely) hashes with 16
characters, and the test should show that we always get "unwilling to
perform" if we haven't specified the hash control.
> But overall I'm very impressed, and I look forward to reviewing this
> more - we critically need this work.
>
I think that's my biggest piece of work for s4 so far. But it's a much needed one.

Matthias

