List: samba-technical
Subject: Re: Exposing password hashes to an LDAP client.
From: Andrew Bartlett <abartlet () samba ! org>
Date: 2011-03-19 10:24:00
Message-ID: 1300530240.6703.5.camel () ruth
On Sat, 2011-03-19 at 10:07 +0100, Matthias Dieter Wallnöfer wrote:
> Brendan,
>
> you don't have to change the "password_hash" LDB module at all. Since on
> LDAP search requests the password attributes are removed in the "acl"
> LDB module you might only need to change some array named "password
> attributes" or so.
> But probably Nadya could help you more since she is the maintainer of
> the "acl" module.

The issue here is that Brendan needs a sha1 hash, and we don't currently
store that. We certainly could have password_hash store an additional
hash - otherwise, you would need to store and expose the plaintext.

I would support such an optional extension - the main issue would be
that all the DCs must be Samba4 and configured in the same way or it
won't work.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.