[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password protection from admins

To: Alberto Alonso <alberto@ggsys.net>
Subject: Re: Password protection from admins
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: Thu, 21 Aug 2003 12:42:39 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1061440234.27917.27.camel@w100>
References: <1061440234.27917.27.camel@w100>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624

Alberto Alonso wrote:

I would like admins to be able to change a user's password but not
be able to read it.

I have read the FAQ at http://www.openldap.org/faq/data/cache/453.html
on access lists and tried messing with taken away read access or setting
the ACL via =wxsc

However, when using ldappasswd I can't change the userpassword
unless I have read access to it.

Am I missing something?

Write access automatically gives read access. If you don't have read access, how can you have write access? With most systems you'd have to know and enter the old password to be able to change it, anyway. Also, if you think logically, even if he couldn't read the old password, your admin would immediately know the new one as soon as he'd entered it. What's the difference if he can read it or not?

Tony

--
Tony Earnshaw

Looking backwards is always easy with hindsight

http://www.billy.demon.nl
Mail: tonni@billy.demon.nl

Follow-Ups:
- Re: Password protection from admins
  - From: "Guido Casper" <gcasper@s-und-n.de>

References:
- Password protection from admins
  - From: Alberto Alonso <alberto@ggsys.net>

Prev by Date: Re: Password protection from admins
Next by Date: Re: A little bit off topic question about jpegPhoto
Index(es):
- Chronological
- Thread