The exop password change branch

Andrew Bartlett abartlet at
Thu Nov 18 03:39:36 MST 2010


I thought you asked me recently to look at your extended password change
operation code, so I've looked over your 'exop' branch, and I have so
say, the code looks pretty good (and somehow simpler than I imagined). 

I would however like to comment on a few things, to make it even better:

While it's great to have the extended op in the same module as the rest
of the password changes, it does mean that we go down the stack, then
back up again.  I wonder if it might be better to have a new module at
the top of the stack, so the process is clearer. 

The patch should also allow administrative password changes, where just
like on unicodePwd, the admin does not need to specify the old password.

I couldn't find the ASN.1 code, which I think you were trying to ask me
(somewhere - I can't remember where) to look over.  Can you point me at
it?  I think this will be one of our first extended operations to be
decoded in the LDAP server, so you may need to set up some
infrastructure :-)

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list