[Samba] passwd program example for parsing new password typed?

Logan Shaw lshaw at emitinc.com
Wed Sep 6 18:58:20 GMT 2006


On Wed, 6 Sep 2006, Gianluca Cecchi wrote:
> This could allow me to synchronize the passwords of the two domains'
> users during the normal windows password change operation.

That's a little odd to have two sets of accounts that are kept
identical between two different domains.  But, maybe there is
a reason for it.

> I have only to set up the "passwd program" of smb.conf accordingly.
> By default it is "passwd %u" and I read that it makes use of expect to
> get the passwd typed by the user.... (not clear how... where to find
> docs?)

No, it uses an Expect-like (not actual Expect, I think)
script to talk to the passwd program.  The user's password
comes in plaintext from the Windows client machine to Samba,
if I understand correctly.  So the interaction between Samba
and the passwd command doesn't involve getting the password
typed by the user.

> I would like instead to substitute it with a script that
> 1) runs the passwd program locally as by default
> 2) runs a remote shell to the other samba host to run the script
> specified above for AD change.
> Any hint on how to give to the script the password typed by the user?
> Thanks in advance for your help.

Look at the "passwd chat" Samba parameter.  This defines how
Samba communicates with the passwd program.  You can substitute
your own chat script to specify how it interacts with your
own script instead of the passwd command.  For example, your
script might look like this:

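 	#! /bin/sh

 	# Samba substitutes %u, so the username arrives as the first argument.
 	username="$1"

 	# Prompt that the "passwd chat" expect string matches.
 	echo "send password now"
 	# IFS= and -r keep leading/trailing blanks and backslashes intact.
 	IFS= read -r password

 	# do whatever you want with $username and $password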

Then I believe you'd want this in your smb.conf:

 	unix password sync = yes
 	passwd program = /path/to/my/script %u
 	passwd chat = "send password now" %n\n

That should take care of the glue between Samba and your script,
but then you have the small matter of glue between your script
and /usr/bin/passwd.  Previously, Samba could take care of that
for you, but if you wrap the passwd command with your script,
you're going to have to use Expect or something to do it.

   - Logan
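
An added example, not part of the original post and not Samba's own code: one way to write the wrapper so that it reads the password verbatim and hands it to the local password tool on stdin rather than on a command line. It assumes the chat glue shown above; SYNC_CMD and the function names are hypothetical, and chpasswd (which reads user:password lines on stdin) is swapped in here in place of the Expect step.

```shell
#!/bin/sh
# Added example: wrapper for Samba's "passwd program" (assumed glue, as above):
#   passwd program = /path/to/my/script %u
#   passwd chat = "send password now" %n\n
# SYNC_CMD is a hypothetical hook; the default, chpasswd(8), reads
# "user:password" lines on stdin. It is word-split so it may carry arguments.
: "${SYNC_CMD:=chpasswd}"

# Accept only conservative account names, so %u cannot smuggle an option
# (leading "-") or the ":" field separator into the downstream command.
valid_username() {
	case "$1" in
		''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
		*) return 0 ;;
	esac
}

# Read one line verbatim into $password: IFS= keeps leading/trailing blanks,
# -r keeps backslashes. Fails on an empty password.
read_password() {
	IFS= read -r password || [ -n "$password" ]
	[ -n "$password" ]
}

# Hand the secret over on stdin, never in argv (argv shows up in ps and /proc).
sync_password() {
	printf '%s:%s\n' "$1" "$2" | $SYNC_CMD
}

main() {
	username="$1"
	valid_username "$username" || { echo "bad username" >&2; return 2; }
	echo "send password now"   # the prompt the chat script waits for
	read_password || { echo "empty password" >&2; return 3; }
	sync_password "$username" "$password"
}

# Run only when Samba (or a user) supplies the username argument.
if [ "$#" -gt 0 ]; then
	main "$@"
	exit $?
fi
```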

