matty at cifs.org
Thu Nov 11 17:25:56 GMT 1999
On Thu, Nov 11, 1999 at 12:17:00PM -0600, Tom Kunicki wrote:
> Note that if the "unix password sync" parameter is
> set to true, then this sequence is called *AS ROOT*
> when the SMB password in the smbpasswd file is
> being changed, without access to the old password
> cleartext. In this case the old password cleartext
> is set to "" (the empty string).
> Maybe I was misunderstood the docs...
No, sorry, I was just thinking in the context of Geoffrey's question (where he
mentioned smbpasswd, and so he is using encrypted passwords). As I understand
If you use "encrypt passwords = yes" and "unix passwd sync = yes", then
for each password sync the password program is called AS ROOT (without
access to the old cleartext).
If you use "encrypt passwords = no" (i.e. you are using the UNIX password
database directly) then the setting of "unix passwd sync" is irrelevant,
and when the user changes his/her password the password change program is
called AS THE USER (with access to the old cleartext).
The docs *are* slightly misleading on this.
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member
More information about the samba-ntdom