Must a Samba PDC use encrypted passwords?
John R Lane
lanejohn at cps.msu.edu
Fri Jun 5 20:32:56 GMT 1998
>> After the period of getting everyone to log in and get their
>> password updated is done and we switch to encrypted passwords,
>> /etc/passwd and smbpasswd will start to diverge, right?
>> Meaning, if they change one the other will NOT change.
Gerald> Correct
>> If that is true, is there a good way around this?
Gerald> The best solution is to rewrite you passwd program on the
Gerald> unix box to pipe the change to /etc/passwd and smbpasswd.
Gerald> This is fairly trivial if these files are located on the
Gerald> same box that user's login to change their passwd. If
Gerald> uses's change their passwd on other machines besides these
Gerald> master's, then things get a little trickier.
FYI: I've pretty much finished coding up a PAM module to possibly be
integrated with pam_ntdom which handles password changes using the
(network) password change functionality of samba. In other words, you
should just be able to stack pam_unix on top of pam_ntdom and have
password updates done on a samba server as well as through NIS (or
whatever you use). ie., something like
other password required /usr/lib/security/pam_unix.so.1
other password required /usr/lib/security/pam_ntdom.so.1
I hope to have it debugged and working sometime this weekend; next
week at the latest, though I'm new to PAM, so I'll be counting on
having a few people test it and give feedback.
jrl.
System Administrator
Department of Computer Science
Michigan State University
More information about the samba-ntdom
mailing list