[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Slapd-config, jrpasswd and admins

Finn-Arne Johansen:
> I've checked in a new slapd-sarge-debian-edu.conf. Those of you who
> knows anything about slapd configuration, please have a look.
> I've tested this one, and it will allow jradmins to change _every_
> password except the ldap-admin password.
> 
> There is also the new utility called jrpasswd by Bjoern Ove (gagatan),
> located at the same location, that should do the job.
> The later should provide better security, since it's python, and the
> former is bash code, which could make it possible to sniff the password
> while used (although I have not been able to sniff the password)
> 
> I'm not sure about how jrpasswd will update the samba password, but I
> know that passwd tries to use sudo , so you will have to do some work
> there.

I'm not quite shure what passwd and sudo has to do with samba-passwords here.
jrpasswd changes the lanman- and nt-hashes if configured to do so. 

I'll be in Oslo on Tuesday (21.2.) and have some time between meetings at UiO
campus and when my flight back to Trondheim in the evening. Anyone want to meet up to
discuss this, user administration in skolelinux or just the general
conspiracy thingy - don't hesitate to contact me by email or irc (Gagatan).

-- 
Regards
 
Bjørn Ove Grøtan
Reply to: