>I would note that the original rationale for this bug report, password synchronization between pam and samba passwords, is incorrect.
>There are other, more general means of keeping passwords synchronized between Unix, LDAP, Samba, etc. databases using PAM
>itself which don't require any overlays on the LDAP side.
That was new information to me - could you point to a HOWTO or similar?
>This wouldn't meet the needs of arbitrary LDAP clients effecting password changes,
Indeed. By using smbk5pwd, doing a password change will work using any LDAP tool, as long as the tool is doing an EXOP for the password change.
Quoting Steve Langasek:
>I would note that the original rationale for this bug report, password synchronization between pam and samba passwords, is incorrect.
>There are other, more general means of keeping passwords synchronized between Unix, LDAP, Samba, etc. databases using PAM
>itself which don't require any overlays on the LDAP side.
That was new information to me - could you point to a HOWTO or similar?
>This wouldn't meet the needs of arbitrary LDAP clients effecting password changes,
Indeed. By using smbk5pwd, doing a password change will work using any LDAP tool, as long as the tool is doing an EXOP for the password change.