Bjorn Ove Grotan wrote: > Finn-Arne Johansen: > >>I've checked in a new slapd-sarge-debian-edu.conf. Those of you who >>knows anything about slapd configuration, please have a look. >>I've tested this one, and it will allow jradmins to change _every_ >>password except the ldap-admin password. >> >>There is also the new utility called jrpasswd by Bjoern Ove (gagatan), >>located at the same location, that should do the job. >>The later should provide better security, since it's python, and the >>former is bash code, which could make it possible to sniff the password >>while used (although I have not been able to sniff the password) >> >>I'm not sure about how jrpasswd will update the samba password, but I >>know that passwd tries to use sudo , so you will have to do some work >>there. > > > I'm not quite shure what passwd and sudo has to do with samba-passwords here. > jrpasswd changes the lanman- and nt-hashes if configured to do so.
To set samba password for another user using smbpasswd, you have to be root. So the script /usr/share/debian-edu-config/tools/passwd tries to use sudo to run smbpasswd if you are to change the password for another user. > I'll be in Oslo on Tuesday (21.2.) and have some time between meetings at UiO > campus and when my flight back to Trondheim in the evening. Anyone want to > meet up to > discuss this, user administration in skolelinux or just the general > conspiracy thingy - don't hesitate to contact me by email or irc (Gagatan). Well, I want to have that discussion _after_ we've released a sarge-based debian-edu, but I want to allow have a working tool like jrpasswd or some other tool that allow someone other than ldap admin to change password. did you have a chance of looking at the config I checked in ? -- Finn-Arne Johansen [EMAIL PROTECTED] http://bzz.no/ Debian-edu developer and Solution provider EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
