[Samba] FW: Questions about Samba 4

Rowland Penny rowlandpenny241155 at gmail.com
Fri Aug 28 13:13:49 UTC 2015


On 28/08/15 13:53, L.P.H. van Belle wrote:
> Rowland,
>
> if ChallengeResponseAuthentication is 'yes', and the PAM authentication policy
> for sshd includes pam_unix, password authentication will be allowed through
> the challenge-response mechanism regardless of the value of PasswordAuthentication.
>
> source.
> http://www.unixlore.net/articles/five-minutes-to-more-secure-ssh.html
> start reading as of : Details on PAM Authentication
>
> but a good find, maybe Volker can use this info also.
>
>
> Greetz,
>
> Louis
>
>
>   
>
>

Hi Louis, I wasn't sure about the PasswordAuthentication setting, but 
before I set both, if I tried to login via ssh to a Unix client with a 
user whose password was set to be changed at next login, I got winbind 
using 100% CPU and the user couldn't login. After I set them, I got 
asked for the password, I was then informed the password had expired and 
I must change it, after I entered a new password (twice) I was logged in 
and winbind never got anywhere near 100% CPU.
Have you tried it ?





More information about the samba mailing list