passwords.py patch
Matthias Dieter Wallnöfer
mdw at samba.org
Thu Jul 1 08:21:12 MDT 2010
Hi Nadya,
regarding the "minPwdAge": as far as I can tell the SAMR-PASSWORDS tests
don't influence it. So I conclude that also s3 stucks with "0" as
default value as we do.
Well, as already written yesterday I am comfortable with an adaption of
all torture password tests but only patching "passwords.py" alone I
really don't see the need for. So if we agree to introduce "minPwdAge"
adaptions on all such tests I will adopt this in "passwords.py".
I've also considered your second proposal regarding the user password
changes - very strange that you need to modify the ACL. Since for
Windows you have only to perform this small change:
> # FIXME: Reactivate the user credentials when we have user
> password
> # change support also on the ACL level in s4
> creds2.set_username(creds.get_username())
> creds2.set_password(creds.get_password())
^^^ delete/deactivate this
> #creds2.set_username("testuser")
> #creds2.set_password("thatsAcomplPASS1")
^^^ and reactivate this
I tried this against s4 and it still doesn't pass. Errors are for example:
> LdbError: (50, 'LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -
> <00002098: insufficient access rights - error in module acl:
> insufficient access rights (50)> <>')
Therefore some LDB module (could be the ACL module, but also the
DESCRIPTOR or SAMLDB module on entry creation...) still has some
incompatibility which we need to track down.
Greets,
Matthias
Nadezhda Ivanova wrote:
> Hi Matthias,
> Attached is my proposed patch to reset minPwdAge so no manual
> resetting is needed against windows.
>
> In addition, when I ran the tests using the credentials of "testuser",
> as they are supposed to run when ACL checks stop failing, one of your
> negative tests returned INSIFFUCIENT_ACCESS instead of the expected
> UNWILLING_TO_PERFORM, so to make it work as expected I gave that user
> the necessary access right. So what do you think, can I push it?
>
> Regards,
> Nadya
More information about the samba-technical
mailing list