Combining passwd programs
Jean-Francois Micouleau
Jean-Francois.Micouleau at utc.fr
Thu Jun 18 23:56:12 GMT 1998
On Fri, 19 Jun 1998, Tavis Barr wrote:
> A couple of us have been talking about writing a passwd binary that would
> basically take the smbpasswd.c program and add a routine to change the
> Unix password right after the one that changes the smbpasswd file.
That's already done. It's not smbclient which changes the Unix password
but smbd itself.
Take a look at the 'unix password sync' option
>
> The only trouble is, in order to change the Unix password, as far as I know
> the program has to be run setuid root.
Because usually root don't have to type the old password in clear-text
form when changing a user's password
> I remember that smbpasswd was
> changed recently so that it didn't have to be run this way (in fact it
> couldn't but that's easy enough to comment out of the code). My question
> for ye wise ones: Are there any particular security holes created by running
> the smb password-changing routine as setuid root that aren't created by
> running other programs (e.g.., Unix passwd) as setuid root?
>
J.F.
-----------------------------------------------------------
Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
try to install Windows NT !"
-----------------------------------------------------------
More information about the samba-ntdom
mailing list