password hash patches

Matthieu Patou mat at
Sun Jun 6 23:12:52 MDT 2010

On 07/06/2010 00:36, Matthias Dieter Wallnöfer wrote:
> Hi ekacnet,
> Matthieu Patou wrote:
>> Hello mathias,
>> I found that's not possible (anymore ?) to the hash of a password 
>> unless this control is set:
> Exactly.
>> Do you have unit tests that verify this behavior ? searching the code 
>> I didn't saw much place where this OID is used.
> No, there don't exist external unit tests since this control should be 
> really kept private.
>> Also the question is how you can set it from the command line or from 
>> python ?
>> Is it done on purpose ? if so how upgradeprovision how can it set the 
>> unicodePwd field (to "upgrade" the msDs-KeyVersionNumber value).
> Do you really need to set the password through hashes? At the moment 
> the "samdb_set_password" call is the only one place where we use this 
> control from. But it is intentional that you can't access it directly 
> from Python.
> A way around would be to deactivate the module stack or the 
> passwords_hash module for a moment to set directly "unicodePwd".
Oulla, I really don't think it's a good idea, I'd like to have the 
confirmation from other but I don't like this idea.

> Matthias

Matthieu Patou
Samba Team

More information about the samba-technical mailing list