
Re: Password protection from admins



Alberto Alonso wrote:

I would like admins to be able to change a user's password but not
be able to read it.

I have read the FAQ at http://www.openldap.org/faq/data/cache/453.html
on access lists and tried messing with taking away read access or setting
the ACL via =wxsc

However, when using ldappasswd I can't change the userpassword
unless I have read access to it.

Am I missing something?

Write access automatically gives read access. If you don't have read access, how can you have write access? With most systems you'd have to know and enter the old password to be able to change it, anyway. Also, if you think logically, even if he couldn't read the old password, your admin would immediately know the new one as soon as he'd entered it. What's the difference if he can read it or not?


Tony

--
Tony Earnshaw

Looking backwards is always easy with hindsight

http://www.billy.demon.nl
Mail: tonni@billy.demon.nl