idea: passwd chat script

Todd Pfaff pfaff at edge.cis.McMaster.CA
Wed Feb 17 04:40:54 GMT 1999


On Wed, 17 Feb 1999, Jamie ffolliott wrote:

> I'm wondering, is it possible to write a shell script to run as the
> "passwd program" in smb.conf, which essentially calls the unix
> /usr/bin/passwd, plus whatever other custom things you wish to do?

yes, or it can also be a semicolon separated list of commands.  i use
this to sync my nis master password map:

passwd program = /bin/passwd -r files %u; cd /var/yp; /usr/ccs/bin/make passwd
passwd chat = *New\spassword:* "%n\n" *new\spassword:* "%n\n" *updated\spasswd* . *pushed\spasswd*

> In my case, I'd like to add an extra command to update a user's frontpage
> passwd when they change their samba password from NT's ctrl-alt-del
> dialogue, so passwords are in sync (unix/samba/other). (We aren't worried
> about the security problems with frontpage)

sure, that's all possible now.  your passwd chat just has to have enough
expect-send strings to satisfy the passwd program.

> I bet there's other possibilities here, so i'm suggesting a new feature
> for samba 2.1prealpha: allow shell scripts to run from the "passwd
> program" option (or a new "passwd script" option), and let the "passwd
> chat" provide the interactive responses to the passwd script.
> 
> comments/ideas?
> 
> I think this would simplify password synchronization quite nicely - all
> from the NT password dialogue.
> 
> For example, here's a very basic configuration i'm thinking of:
> * This currently doesn't work in the latest 2.1prealpha CVS
> 
> smb.conf:
> passwd program = /usr/local/sbin/pwdchat.sh %u
> passwd chat = *password* %n\n *password* %n\n *successfull* *password*
> %n\n *successfull*
> unix passwd sync = yes
> 
> here's pwdchat.sh :
> 
> #!/bin/sh
> LOGIN=$1
> if [ -z $LOGIN ]; then
>   exit 2
> fi
> 
> # Let standard unix-based passwd prompt for the password
> # "passwd chat" string should handle the responses
> /usr/bin/passwd $LOGIN
> 
> # Another passwd program
> echo -n "re-enter password:"
> read PASS 
> /usr/bin/another_passwd $LOGIN $PASS
> echo "all passwords changed successfully"
> 

--
Todd Pfaff                         \  Email: pfaff at mcmaster.ca
Computing and Information Services  \ Voice: (905) 525-9140 x22920
ABB 132                              \  FAX: (905) 528-3773
McMaster University                   \
Hamilton, Ontario, Canada  L8S 4M1     \



More information about the samba-ntdom mailing list