Extended request in kludge acl

Andrew Bartlett abartlet at samba.org
Thu Jul 8 04:36:24 MDT 2010


On Thu, 2010-07-08 at 12:40 +0300, Nadezhda Ivanova wrote:
> Hi Andrew,
> We had some discussion with Matthias on IRC, and we came up with 3
> ways to solve the problem.
> One way is to keep the control and apply the patch as it is. I really
> do not like it because of reasons listed in previous mails. Another is
> to use an extended operation, which would complicate things and is yet
> another way to bypass security checks.
> The third way, which I am most in favor of, is for the samr to
> actually start providing both passwords on a password change, so we
> can use the standard flow of things. It just seems wrong to me to use
> sambd_set_password instead of a function that will provide both, and
> then introduce internal hacks to handle the problem.
> 
> What do you think?

So the SAMR password change server would supply the old hashed password,
and then the new plaintext password to prove it's a password change op?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.