The exop password change branch

Matthias Dieter Wallnöfer mdw at samba.org
Fri Nov 26 02:06:57 MST 2010 

Andrew,

when will you start working on this?

Matthias

Andrew Bartlett wrote:
> On Thu, 2010-11-18 at 11:46 +0100, Matthias Dieter Wallnöfer wrote:
>    
>> Hi abartlet,
>>
>> Andrew Bartlett wrote:
>>      
>>> Matthias,
>>>
>>> I thought you asked me recently to look at your extended password change
>>> operation code, so I've looked over your 'exop' branch, and I have so
>>> say, the code looks pretty good (and somehow simpler than I imagined).
>>>
>>> I would however like to comment on a few things, to make it even better:
>>>
>>> While it's great to have the extended op in the same module as the rest
>>> of the password changes, it does mean that we go down the stack, then
>>> back up again.  I wonder if it might be better to have a new module at
>>> the top of the stack, so the process is clearer.
>>>
>>>        
>> Well, but there aren't so many modules, which implement extended
>> operations - therefore this shouldn't take too long. And I think this
>> really belongs in the "password_hash" module - well it's my personal
>> point of view.
>>      
> It is more about structure than about speed.  What should the ACL module
> do with extended operations?  If it is transformed into normal
> modifications above the ACL module then no additional changes or
> exceptions are required.
>
>    
>>> The patch should also allow administrative password changes, where just
>>> like on unicodePwd, the admin does not need to specify the old password.
>>>
>>>        
>> Probably you are right. Will look again into the code.
>>      
>>> I couldn't find the ASN.1 code, which I think you were trying to ask me
>>> (somewhere - I can't remember where) to look over.  Can you point me at
>>> it?  I think this will be one of our first extended operations to be
>>> decoded in the LDAP server, so you may need to set up some
>>> infrastructure :-)
>>>
>>>        
>> The issue is that I really do understand nothing about ASN.1. Therefore
>> it would be great if someone could take over this part or give me some
>> tight instructions.
>>      
> ASN.1 is deserving of it's nasty reputation.  I'll try and look at it
> over the next day or so - remind me if I don't get to it by next week.
>
> BTW, thanks for getting to this!  This will be a very useful feature
> once implemented.
>
> Andrew Bartlett
>
>

More information about the samba-technical mailing list