Re: password API needed

Luke Kenneth Casson Leighton (lkcl@cb1.com)
Tue, 12 May 1998 14:20:47 +0000 (GMT)

Date:	Tue, 12 May 1998 14:20:47 +0000 (GMT)
From:	Luke Kenneth Casson Leighton <lkcl@cb1.com>
To:	Jean-Francois Micouleau <Jean-Francois.Micouleau@utc.fr>, Multiple recipients of list <samba-technical@samba.anu.edu.au>
Subject: Re: password API needed
In-Reply-To: <Pine.LNX.3.96.980512104252.178B-100000@regent.cb1.com>

jean-francois,

the password system you have (putting the password in clear-text) is
unfortunately not sufficient. if we do one of the following:

- create an ldap database from a private/smbpasswd file

- create an ldap database from an NT PDC SAM registry (the holy grail that
really takes microsoft's biscuit - an NT -> Samba migration tool HAHA!)

- add PDC / BDC replication, and support mixed NT / Samba PDC/BDC
environments

then we will need to put the 16 byte hashes in, not the plain-text
password. this is because the plain-text password, in the above
scenarios, will not be available.

so, if i add "ntPwdHash" and "lmPwdHash" to the ldap schema, you know why
:-)

luke

p.s how do you go about _modifying_ ldap database entries?