[S4] PW Settings being ignored?
Stefan (metze) Metzmacher
metze at samba.org
Fri Nov 26 09:29:53 MST 2010
Am 26.11.2010 17:24, schrieb Brian C. Huffman:
> So, I added some debugging to the code and it appears that for some
> reason, even though I've set the history length to 0 in the pwsettings,
> it's got a length of "4" from somewhere:
>
> /* checks the NT hash password history */
> for (i = 0; i < io->o.nt_history_len; i++) {
> ret = memcmp(io->n.nt_hash,
> io->o.nt_history[i].hash, 16);
> if (ret == 0) {
> ret = LDB_ERR_CONSTRAINT_VIOLATION;
> ldb_asprintf_errstring(ldb,
> "%08X: %s -
> check_password_restrictions: "
> - "the password was already used
> (in history)!",
> + "the password was already used
> (in history)! History length: %d",
>
> W_ERROR_V(WERR_PASSWORD_RESTRICTION),
> - ldb_strerror(ret));
> + ldb_strerror(ret),
> io->o.nt_history_len);
> io->ac->status->reject_reason =
> SAM_PWD_CHANGE_PWD_IN_HISTORY;
> return ret;
> }
> }
>
> yields:
>
> msg: 0000052D: Constraint violation - check_password_restrictions: the
> password was already used (in history)! History length: 4
That's the length of the stored history.
Maybe we should use MIN(io->o.nt_history_len,
io->ac->status->domain_data.pwdHistoryLength),
but that needs testing...
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101126/e0df6e3d/attachment.pgp>
More information about the samba-technical
mailing list