Must a Samba PDC use encrypted passwords?

John R Lane lanejohn at
Fri Jun 5 20:32:56 GMT 1998

    >> After the period of getting everyone to log in and get their
    >> password updated is done and we switch to encrypted passwords,
    >> /etc/passwd and smbpasswd will start to diverge, right?
    >> Meaning, if they change one the other will NOT change.

    Gerald> Correct

    >> If that is true, is there a good way around this?

    Gerald> The best solution is to rewrite you passwd program on the
    Gerald> unix box to pipe the change to /etc/passwd and smbpasswd.
    Gerald> This is fairly trivial if these files are located on the
    Gerald> same box that user's login to change their passwd.  If
    Gerald> uses's change their passwd on other machines besides these
    Gerald> master's, then things get a little trickier.

FYI: I've pretty much finished coding up a PAM module to possibly be
integrated with pam_ntdom which handles password changes using the
(network) password change functionality of samba.  In other words, you
should just be able to stack pam_unix on top of pam_ntdom and have
password updates done on a samba server as well as through NIS (or
whatever you use).  ie., something like

other   password required       /usr/lib/security/
other	password required	/usr/lib/security/

I hope to have it debugged and working sometime this weekend; next
week at the latest, though I'm new to PAM, so I'll be counting on
having a few people test it and give feedback.


System Administrator
Department of Computer Science
Michigan State University

More information about the samba-ntdom mailing list