Matt Chapman matty at
Thu Nov 11 17:25:56 GMT 1999

On Thu, Nov 11, 1999 at 12:17:00PM -0600, Tom Kunicki wrote:
>   Note that if the "unix password sync" parameter  is
>   set to true, then this sequence is called *AS ROOT*
>   when the SMB password  in  the  smbpasswd  file  is
>   being  changed,  without access to the old password
>   cleartext. In this case the old password  cleartext
>   is set to "" (the empty string).
> Maybe I was misunderstood the docs...

No, sorry, I was just thinking in the context of Geoffrey's question (where he
mentioned smbpasswd, and so he is using encrypted passwords). As I understand

If you use "encrypt passwords = yes" and "unix passwd sync = yes", then
for each password sync the password program is called AS ROOT (without
access to the old cleartext).

If you use "encrypt passwords = no" (i.e. you are using the UNIX password
database directly) then the setting of "unix passwd sync" is irrelevant, 
and when the user changes his/her password the password change program is 
called AS THE USER (with access to the old cleartext).
The docs *are* slightly misleading on this.


Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

More information about the samba-ntdom mailing list