NT Password Hash Storage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Craig White wrote:

>><..snip..>
>>    
>>
>----
>I am unclear how you are doing authentication by Windows users to the
>network in a normal login...via AD?
>
>anyway, my inclination is to setup Fedora-DS to use samba schema
>
>http://directory.fedora.redhat.com/wiki/Howto:Samba
>
>as that would give you a sambaNTPassword attribute which is normally the
>hashed password as expected but how that relates to question
>#2...updating the hash when the user changes their password...I suppose
>that would depend upon the chain of events that occur where/when the
>user changes their password...how is this information going to be sent
>to fedora-ds?
>
>Craig
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

When I arrived on the scene, network authentication for windows clients 
consisted of setting a local user id and password on a PC and setting 
the same user id and password on a stand-alone samba server.  Of course, 
users had different ids for email, vpn, shared-keys for wireless, etc. 
and passwords never changed (there was a partial NIS setup going, so all 
was not bleak).

What I'm doing is consolidating it all into FDS with the benifit of a 
password policy.  The samba schema worked great and also gets samba 
using FDS for authentication.  But this leaves one question:  what to do 
about having two sets of passwords in FDS?

With samba running as an NT domain controller, and having PCs join the 
domain, samba should take care of keeping the sambantpassord correct 
when a Windows user changes their password.  But what of the userpassord 
attribute?  What happens when that same user does an ssh session into a 
Linux server, which if I understand correctly, will use the userpassword 
attribute for authentication?

Is there a way to keep the two password attributes in sync?  I'm not 
sure if it's possible to have all devices needing to do authentication 
to use the NT style.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060119/d3e8e8c6/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux