On Sun, Aug 04, 2002 at 08:01:27PM +0200, Roland Bauerschmidt wrote: > Steve Langasek wrote: > > If Samba has LDAP support compiled in and turned on (as must be the case > > to use Samba with LDAP!), then the 'smbpasswd' utility can be used to > > manage passwords in the LDAP directory, without the need for other > > utilities. Depending on your needs, the 'pdbedit' import util and > > the 'pam_smbpass' pam module may also serve. > Yes, I'm aware of that. Nonetheless, it can still be useful to be able > to create those hashes manually, i.e. in a Web-based LDAP administration > tool. I imagine the LDAP administration tool is written in a scripting language. In that case, it seems to me that a module for the scripting language in question would also be more useful than a standalone util, and allow for better code reuse. I'm aware of existing NTLM hash modules for at least perl and PHP. The latter may not be packaged yet, though; it may be that the license issues aren't all sorted out. > While we are at it, I have some off-topic question: Does pam_smbpass add > the ntPassword and lmPassword attributes if they don't exist? Or does > this only work if nullok is specified? Or not at all? When running as a user, you will need to set the 'nullok' option to get pam_smbpass to create these attributes for users that don't have them. (Otherwise, the user will be unable to prove he knows the current password.) When running as root, the module will create the entries as needed. Steve Langasek postmodern programmer
Attachment:
pgpECXvkozlSM.pgp
Description: PGP signature