[Samba] Samba calling passwd as user? (It's really about password history)

Mac dmccann at nibsc.ac.uk
Wed Sep 4 12:13:00 GMT 2002


>From: Bob Hemedinger <rhemedinger at yahoo.com>
>Subject: Re: [Samba] Samba calling passwd as user? (It's really about password history)
>To: John Benedetto <jbenedet at unm.edu>, samba at samba.org
>Date: Tue, 3 Sep 2002 10:31:58 -0700 (PDT)
>
>It would seem to me that in a pure samba PDC scenario
>if samba called passwd as the user, password history
>enforcement could be achieved via synching unix
>passwords.

Unfortunately this is not possible, because the protocols by which SMB
password changes take place result in the 'old' password not being
available.

To call the UNIX 'passwd' program whilst running as the user, you have
to be able to supply the 'old' password before the new ones.  And it's
simply not available.


>           If it is not feasible for passwd to be
>called as the (unix) user, then password history
>enforcement via password synching will never be
>achievable for samba 2.x.

Password history via synching will never be available full stop.  If
password history depends on running as the user, and the 'passwd'
command requires the old password, then password synching can't be used
for history.

Sad, but true.


                               Mac
          Assistant Systems Administrator @nibsc.ac.uk
                        dmccann at nibsc.ac.uk
   Work: +44 1707 654753 x285      Everything else: +44 7956 237670 (anytime)
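
The point made in the message above, as an added example that is not part of the original post and not Samba's code: a simplified model of a hash-keyed password change, in which the server can recover the new cleartext password but only ever holds a hash of the old one. Assumptions: SHA-256 stands in for the LM/NT hash, RC4 is used for both fields, and all function and field names are hypothetical.

```python
import hashlib
import hmac

def pw_hash(password: str) -> bytes:
    # Stand-in for the stored password hash (assumption: SHA-256 replaces the LM/NT hash).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def rc4(key: bytes, data: bytes) -> bytes:
    # Plain RC4, used only to model "encrypt under a key derived from a password hash".
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def client_change_request(old_pw: str, new_pw: str) -> dict:
    # The client knows both passwords, but the old one only ever leaves it as a hash.
    old_h, new_h = pw_hash(old_pw), pw_hash(new_pw)
    return {
        "enc_new_pw": rc4(old_h, new_pw.encode("utf-16-le")),  # new password, keyed by old hash
        "enc_old_hash": rc4(new_h, old_h),                     # proof of knowing the old hash
    }

def server_handle_change(stored_hash: bytes, request: dict):
    # The server holds only the stored hash of the old password.
    new_pw = rc4(stored_hash, request["enc_new_pw"]).decode("utf-16-le", errors="replace")
    proved = rc4(pw_hash(new_pw), request["enc_old_hash"])
    if not hmac.compare_digest(proved, stored_hash):
        return None  # requester did not know the old password
    # Everything a sync hook could be given: the new cleartext, never the old one.
    return {"new_password": new_pw, "new_hash": pw_hash(new_pw), "old_password": None}

if __name__ == "__main__":
    # Constructed sample values.
    stored = pw_hash("Summer2002")
    print(server_handle_change(stored, client_change_request("Summer2002", "N3w-Passw0rd!")))
```

The record returned on success has no old cleartext to feed to the old-password prompt of `passwd` when it runs as the user, which is the gap the message describes.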


