[PATCH] Implement the check password script functionality in AD
metze at samba.org
Mon Jun 20 04:58:28 UTC 2016
> I'm an intern at Catalyst working with Garming Sam, learning Samba.
> Attached is a patch to implement the check password functionality in AD,
> which includes a test using sed matching as a password script. It acts
> much like it does in source3, however it runs your script as root and
> doesn't allow any macro substitutions.
> The test exists in the CHGDCPASS environment, which now no longer uses
> the AD complexity checks and just disallows a fixed unacceptable
> password. This lets us check the script over all the protocols.
> Please review and push if acceptable.
I had to solve a similar problem, people wanted to use a script to sync
password changes to things like OpenLDAP.
As I realized that using this would mean we will call an external script
while holding the transaction lock. I'm 100% sure people will write scripts
which will cause deadlocks this way. We just can't do any (blocking) IPC
a transaction, sorry!
For that reason I used another approach see:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical