[Samba] samba password hashes exposed to ldapsearch

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Jul 28 21:27:32 GMT 2008

On Mon, Jul 28, 2008 at 01:32:49PM -0700, Amin Al-Regan wrote:
> Is there are way to also hide the Samba password hashes without breaking
> Samba functionality?  Say, by using some LDAP rights-management tool to
> limit access to these attributes to certain accounts.  Or does Samba require
> these hashes to be generally readable?

Samba itself needs to be able to read and write its password
attributes, but nss_ldap does not need to see them at all.
You should fix that wiki page and add the appropriate fds
acl settings there.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20080728/3a7243ae/attachment.bin

More information about the samba mailing list