simple password sync method
tbskyd at gmail.com
Tue May 4 23:52:32 UTC 2021
Andrew Bartlett <abartlet at samba.org>
> On Tue, 2021-05-04 at 15:39 +0800, d tbsky via samba-technical wrote:
> If you know the target password type (eg crypt()) then we can store
> some such passwords without the need for the GPG key, and run the sync
> from there.
> eg set "password hash userPassword schemes = CryptSHA512"
> We won't be adding the 'samba3' style password sync to the AD DC, due
> to locking requirements. At the point where we can process a password
> sync, we have to lock the DB against all other changes, and it would
> risk service to all other users to start making calls at this point.
I can not predict the password type of the service may need sync.
but thanks a lot for the explanation so I can understand why it won't
I assume you mean system will lock the DB when password change so it
can not process other request at the same time.
if that's true, then a correct ugly hack to trigger a script would
just cause system slow down instead of horrible race condition?
> Of course Samba remains Free Software and you may make whatever changes
> you desire for your private use, but this is our feeling regarding what
> we will allow upstream.
> Andrew Bartlett
> Andrew Bartlett (he/him) https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
> Samba Development and Support, Catalyst IT - Expert Open Source
More information about the samba-technical