simple password sync method

d tbsky tbskyd at
Tue May 4 23:52:32 UTC 2021

Andrew Bartlett <abartlet at>
> On Tue, 2021-05-04 at 15:39 +0800, d tbsky via samba-technical wrote:
> If you know the target password type (eg crypt()) then we can store
> some such passwords without the need for the GPG key, and run the sync
> from there.
> eg set "password hash userPassword schemes = CryptSHA512"
> We won't be adding the 'samba3' style password sync to the AD DC, due
> to locking requirements.  At the point where we can process a password
> sync, we have to lock the DB against all other changes, and it would
> risk service to all other users to start making calls at this point.

  I can not predict the password type of the service may need sync.
but thanks a lot for the explanation so I can understand why it won't
be implemented.
I assume you mean system will lock the DB when password change so it
can not process other request at the same time.
if that's true, then a correct ugly hack to trigger a script would
just cause system slow down instead of horrible race condition?

> Of course Samba remains Free Software and you may make whatever changes
> you desire for your private use, but this is our feeling regarding what
> we will allow upstream.
> Andrew Bartlett
> --
> Andrew Bartlett (he/him)
> Samba Team Member (since 2001)
> Samba Team Lead, Catalyst IT
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions

More information about the samba-technical mailing list