14 Sep
2011
14 Sep
'11
8:43 a.m.
On 14/09/2011 16:54, Michael Ströder wrote:
Buchan Milne wrote:
IMHO, you shouldn't be hashing passwords on the client-side, it is much better to let the DS hash the password
In some use-cases it is better to do client-side hashing. Especially if you want to set more attributes together with attribute 'userPassword' in a single modify request (which means single transaction).
I still prefer using Password Modification extended operation. I can use smbk5pwd to automatically update also all the other relevant informations (sambaPwdLastSet, sambaLMPassword, sambaNTPassword), having a much simpler code. It's unfortunate that the patch to update also shadowLastChange was not applied.
Simone
--
Simone Piccardi Truelite Srl
piccardi@truelite.it (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336