Move from unicodePwd to userPassword?

Andrew Bartlett abartlet at samba.org
Fri Dec 30 12:14:43 GMT 2005


I just wanted to bring this up on the list:

I intend to move us away from using attribute names that match AD where
we do not know the format.  In particular, for unicodePwd, I want to
move to userPassword.  I am also interested in moving and changing the
password history attribute and format.  Samba3 uses a salted history,
and I think this is a valuable security improvement.  (We get a glimpse
at this format in SamSync.  I need to double-check the implications of a
change here).

This would make it easier to implement the unicodePwd set operation,
because it would not conflict with our internal use.  I also take Luke
Howard's hint seriously:  If we later migrate to match Microsoft,
changing formats but not names sounds very painful.

If we did this the LDAP password set could then be handled by a normal
LDB plugin, which would call out to the samr_password.c code.  (This
would then call back into ldb to set the password, on the userPassword
attribute).

These are fairly easy 'internal' changes as none of these attributes are
externally visible over LDAP.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net