The Samba-Bugzilla – Bug 12751
Allow passing trusted domain password as plain-text to PASSDB layer
Last modified: 2017-05-02 07:32:55 UTC
_netr_ServerPasswordSet2: use info level 26 to set plain text machine password
To support password change for machine or trusted domain accounts in Active
Directory environment we need to pass down actual plain text password
instead of NT hashes. This would allow a backend like ipasam to update
Kerberos keys as well as NT hashes.
By calling samr_SetUserInfo2 info level 26 we ensure PASSDB layer can
actually get the plain text password. If PASSDB backend implements
pdb_update_sam_account() callback, it then gets the plain text password
Created attachment 13166 [details]
patch for 4.6 branch
Patch for 4.6 attached.
Karolin, please add the patchset to 4.6. Thanks.
(In reply to Andreas Schneider from comment #2)
Pushed to autobuild-v4-6-test.
(In reply to Karolin Seeger from comment #3)
Pushed to v4-6-test.
Closing out bug report.