password hash patches

Matthias Dieter Wallnöfer mdw at
Sun Jun 6 14:36:17 MDT 2010

Hi ekacnet,

Matthieu Patou wrote:
> Hello mathias,
> I found that's not possible (anymore ?) to the hash of a password 
> unless this control is set:
> Do you have unit tests that verify this behavior ? searching the code 
> I didn't saw much place where this OID is used.
No, there don't exist external unit tests since this control should be 
really kept private.
> Also the question is how you can set it from the command line or from 
> python ?
> Is it done on purpose ? if so how upgradeprovision how can it set the 
> unicodePwd field (to "upgrade" the msDs-KeyVersionNumber value).
Do you really need to set the password through hashes? At the moment the 
"samdb_set_password" call is the only one place where we use this 
control from. But it is intentional that you can't access it directly 
from Python.
A way around would be to deactivate the module stack or the 
passwords_hash module for a moment to set directly "unicodePwd".


More information about the samba-technical mailing list