Am Donnerstag, den 24 Juli hub Ragnar Wisløff folgendes in die Tasten:
I've got Samba doing updates of the LDAP userPassword attribute when a
password change is initiated from a Windows client. However, this requires
binding using the admin LDAP user and supplying the admin password.
So far this is done in a Perl script and storing this admin password in
clear text in the script. I don't like having the password stored like this.
Is there another way? Is it somehow possible to access the password so that
it is not visible?
I'm not sure, but it guess, it is possible, to handle the passwordchange
under Unix via PAM, so it should be possible, to call /usr/bin/passwd
when changing the (samba-)password. Then only PAM has to know the
LDAP-admin-password (which is stored in /etc/ldap.secret anyway)
Any PAM-guru here? :-)