[Samba] samba-tool user syncpasswords / getpassword usage and clarifications

Andrew Bartlett abartlet at samba.org
Fri Oct 21 10:31:44 UTC 2016


On Wed, 2016-10-19 at 10:10 +0200, Stefan Metzmacher via samba wrote:
> Hi Dennis,
> 
>> > 
> > If this is the way it works, I was wondering if is there a reason
> > why
> > not directly storing the required hashes (ssha1, ssha256, etc.)
> > into the
> > supplementalCredentials attribute on the DC doing the password
> > change?
> 
> Because it's much more flexible that way and you can construct any
> new
> hashing scheme that will be invented in future.
> 
> If someone wants to implement storing a set of pre-calculated hashes,
> maybe in a Primary:SambaHashes field, that would also be fine in
> order
> to make it even more flexible and avoid storing the cleartext at all.

I hope we can get this at some point.  (I think we both agree it is
primarily a matter of finding the dev hours, not any problem with the
idea). 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list