At 23:16 08/07/2003 +0200, Michael Ströder wrote:
charlie derr wrote:
The best that we could think of (though we haven't yet implemented
it -- we're hoping to do so soon) is to create a password-changing
mechanism (webpage) that will reset all three (when the user enters
the valid userPassword).
I'd also recommend this solution. Especially since you can
authenticate the user by his/her old userPassword. It's not much
effort to code such a CGI-BIN.
This is the way we did it here, we've a cgi-bin script on a secured
web server that authenticates users &
then allows them to update their passwords. We generate
ntpassword,lmhash and crypt, update the
ldap server and push the crypt to NIS. We've stopped people from
updating passwords from the command line
(NIS) so we don't have to worry about syncing back the way.