[Freeipa-devel] [PATCH] Support password change operation by direct manipulation of userPassword

[Rob Crittenden]

Simo Sorce wrote:
> This is an initial patch to support generating kerberos key material
> (and other hashes) when an ldap ADD or MODIFY operation is performed on
> the userPassword attribute.
> 
> Basic testing seem to work, but I'd like feedback both on the method
> used and on the implementation. I have probably missed something as I
> had to work on the patch at different times with large intervals between
> each coding session, so please test it if you can before I push it to
> master.
> 
> Simo. 
> 

I'm sure Nathan will have some other input but here are my initial thoughts:

You can probably pull out a bunch of code into functions that is 
duplicated in add and mod:
- the is_krb and is_smb code checks
- determining if the password is hashed or not

I wonder if {CLEAR} is #defined somewhere...

Is "unhashed#user#password" some sort of magic string?

It generally looks ok but DS plugins aren't my forte.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080723/721de83c/attachment.bin>