[Freeipa-devel] [PATCH] Support password change operation by direct manipulation of userPassword
Nathan Kinder
nkinder at redhat.com
Wed Jul 23 19:59:30 UTC 2008
Rob Crittenden wrote:
> Simo Sorce wrote:
>> This is an initial patch to support generating kerberos key material
>> (and other hashes) when an ldap ADD or MODIFY operation is performed on
>> the userPassword attribute.
>>
>> Basic testing seem to work, but I'd like feedback both on the method
>> used and on the implementation. I have probably missed something as I
>> had to work on the patch at different times with large intervals between
>> each coding session, so please test it if you can before I push it to
>> master.
>>
>> Simo.
>
> I'm sure Nathan will have some other input but here are my initial
> thoughts:
I still need to go through the code in detail, but I have a couple of
comments below...
>
> You can probably pull out a bunch of code into functions that is
> duplicated in add and mod:
> - the is_krb and is_smb code checks
> - determining if the password is hashed or not
>
> I wonder if {CLEAR} is #defined somewhere...
Nowhere public. A few places in the DS code #define "CLEAR" without
braces, but these aren't exposed, so it won't help much.
>
> Is "unhashed#user#password" some sort of magic string?
Yeah, this is a magic attribute used by DS.
>
> It generally looks ok but DS plugins aren't my forte.
>
> rob
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3254 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080723/c22675ee/attachment.bin>
More information about the Freeipa-devel
mailing list