List: samba-technical
Subject: Re: Exposing password hashes to an LDAP client.
From: Matthias Dieter Wallnöfer <mdw () samba ! org>
Date: 2011-03-19 11:04:53
Message-ID: 4D848DD5.1000006 () samba ! org
Andrew,
I'm with you. Password handling is so inherently complex in s4 (the
various AD function levels, support for "userPassword", and LM hashes)
that I wouldn't add any feature to the existing password hash LDB
module. Do you still remember how long it took to integrate and fix up
my changes? A year I think.
Btw. don't forget my EXOP branch - I have also made tridge aware of that
:) !
Thanks,
Matthias
Andrew Bartlett wrote:
> The issue here is that brenden needs a sha1 hash, and we don't currently
> store that. We certainly could have password_hash store an additional
> hash - otherwise, you would need to store and expose the plaintext.
>
> I would support such an optional extension - the main issue would be
> that all the DCs must be Samba4 and configured in the same way or it
> won't work.
>
> Andrew Bartlett
>
>