On Sat, 2005-04-09 at 21:53 -0700, Howard Chu wrote: > I guess it's worth considering for those sites that use a non-LDAP hdb > backing store. For sites that use the Heimdal KDC backed by LDAP there's > really no reason to do password changes through anything besides LDAP. I'm not exactly sure what you mean here - from the 'Samba' point of view, I see that I should support every (secure) available system for password changing. I can't force my Windows clients to talk to LDAP directly, and setting up Linux clients to do pam_krb5 for both authentication and password changes is well worthwhile. If you mean, that the cleartext should be delivered to the directory server, then yes, this is how I see things. I should get back to Heimdal hacking some time, and get the plaintext password set into hdb-ldap... Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part