On Mon, Aug 31, 2009 at 02:27:45PM -0400, Simo Sorce wrote:
On Mon, 2009-08-31 at 15:10 +0200, Sumit Bose wrote:
> Hi,
>
> this patch adds the change password support for the kerberos backend.
>
> I wonder if we want to support password reset by root via kerberos, i.e.
> allow root to change a user's password if a krb5 ticket with the needed
> privileges is available?
Patch looks good, the only remark I have is that even if the child exits
we should still try to free resources we allocate (krb libs invocations
may allocate buffers), to avoid leaks if we later change the code to be
more complex or copy the code elsewhere.
Otherwise I'd say it's an ACK (though I haven't tested the change
myself).
libdbus does not like a pure fork, but prefers fork+exec. The second
patch add this functionality to the kerberos child.
Parent and child communicate in the following way. UPN and passwords are
sent from parent to child via a pipe and the result is sent back via
another pipe. General parameters, like the change password principle,
are put to the environment by the parent and can be read by the child
when needed.
There is a minor change to the change password patch which fixes a
talloc_steal to the wrong context.
bye,
Sumit