Migrating from paintext (or plaintext) to encrypted

Colin Higgs colin.higgs at ed.ac.uk
Mon May 24 13:17:03 GMT 1999


tomek wrote:

> But what should I do with all OLD accounts? All old users have XXXX...
> instead of their password. What happens when I set NO PASSWORD in
> smbpasswd for all old users? I don't like a situation where somebody
> logs in to the server without a password. What kind of solution
> is possible here? Does everybody have to make a telnet session?
>
> Any ideas are welcome.

I was in a similar situation (with less users) and I came up with the
following kludge:

1) I made a program for adding users out of smbpasswd.c. This program
runs suid root (so that it can access the smbpasswd file) so I stripped
out all functionality except that required to add the user to the
password list. I also added PAM authentication code (taken from yptools
2.1 by Thorsten Kukuk) so that anyone running the program has to
authenticate themselves (via UNIX) first.

2) The program I created in (1) above could not be used to view the
smbpasswd file (just in case I ended up putting a security hole into an
suid binary) so I also made a little utility to maintain a list of users
who had registered.

3) A script was written for people to call which would use (2) to check
if the user was already registered or not, (1) to authenticate people
and add them (with their current UNIX password) to the samba encrypted
password list and (2) again to add them to the registered users list.

Notes:

- The utility created in (2) was not strictly necessary but I found it
useful to avoid timeouts and error messages when trying to do things
like add a user who is already there.
- (1) requires users to authenticate themselves - this is both a
security measure and a way to get the UNIX password. This also means
that users must actively "register" to use the new, encrypted password
service.
- (1) must run on a machine which can access the smbpasswd file as root
(as far as I can tell you can't use -r and -a at the same time to
remotely add an account through the samba server).
- (3) could be implemented over the web if you didn't want users to see
unix at all, or perhaps you could use cygwin
(http://www.cygnus.com/cygwin) to compile the program in (1) and then
use the windows version of wish (http://www.scriptics.com) to make a GUI
for it (I have done a similar thing with smbpasswd itself to allow
checking for crackable passwords).
- Nearly all the C coding was taken from other people's programs so it
was quite easy to do.

Colin
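As an added illustration of the wrapper described in step (3), not code from Colin's message or from Samba: a script that consults the registered-users list from (2), invokes the suid add-user tool from (1) for the caller's own account only, and records the result. The tool path (smb-add-user) and the registry file layout are assumptions; the tool is expected to do the PAM authentication itself.

```shell
#!/bin/sh
# Wrapper in the spirit of step (3): consult the registered-users list from
# step (2), call the suid add-user tool from step (1), then record success.
# SMB_ADD_USER is an assumed path for the step (1) tool (it prompts for and
# checks the UNIX password itself via PAM); override it in the environment.
: "${SMB_ADD_USER:=/usr/local/sbin/smb-add-user}"

# Name of the invoking user; kept in a function so it can be swapped in tests.
caller_name() {
    id -un
}

# Exact whole-line, fixed-string match so that "bob" does not match "bobby".
is_registered() {
    grep -qxF -- "$1" "$2" 2>/dev/null
}

# register_user USER REGISTRY_FILE
# Exit status: 0 added, 1 tool failed, 2 already registered, 3 not the caller.
register_user() {
    user=$1
    registry=$2
    # The suid tool authenticates the caller, so only the caller's own
    # account may be registered through this wrapper.
    if [ "$user" != "$(caller_name)" ]; then
        echo "register_user: you can only register your own account" >&2
        return 3
    fi
    if is_registered "$user" "$registry"; then
        echo "register_user: $user is already registered" >&2
        return 2
    fi
    if ! "$SMB_ADD_USER" "$user"; then
        echo "register_user: adding $user to smbpasswd failed" >&2
        return 1
    fi
    # Record the registration only after the tool reports success.
    printf '%s\n' "$user" >> "$registry"
}
```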


More information about the samba-ntdom mailing list