Exposing password hashes to an LDAP client.
Matthias Dieter Wallnöfer
mdw at samba.org
Sat Mar 19 05:04:53 MDT 2011
I'm with you. Password handling is so inherently complex in s4 (the
various AD function levels, support for "userPassword", and LM hashes)
that I wouldn't add any feature to the existing password hash LDB
module. Do you still remember how long it took to integrate and fix up
my changes? A year I think.
Btw. don't forget my EXOP branch - I have also made tridge aware of that
Andrew Bartlett wrote:
> The issue here is that brenden needs a sha1 hash, and we don't currently
> store that. We certainly could have password_hash store an additional
> hash - otherwise, you would need to store and expose the plaintext.
> I would support such an optional extension - the main issue would be
> that all the DCs must be Samba4 and configured in the same way or it
> won't work.
> Andrew Bartlett
More information about the samba-technical