mksmbpasswd

Tavis Barr tavis at mahler.econ.columbia.edu
Mon Nov 15 09:40:51 GMT 1999 

No.  mksmbpasswd will not synchronize your Unix and SMB password files.  
In fact, such a synchronization is impossible to do with a single command 
(at least it had better be impossible or all our security is in 
trouble).  Both the Unix and SMB password encryptions are designed to be 
one-way encryptions, and they use different encryption algorithms.  This 
means that order to sync your Unix and SMB passwords, your program would 
have to decrypt one of the files (probably your /etc/passwd file), which 
hopefully it can't do (if it can then all of your passwords are 
completely knowable to anyone with such a routine).  

All that mksmbpasswd does is write a correctly-formatted SMB password 
file with an invalid entry in the password field.  This means that all of 
your users have to change their smbpasswd before they can use Samba.  The 
only way to keep Unix and Samba passwords synchronized is if you (1) use 
the unix passwd sync option or (2) rewrite your /bin/passwd command so 
that it changes both passwords at once.

Good luck,
Tavis



On Mon, 15 Nov 1999, LEYMARIE Gerard wrote:

> More application, can I use a cron to synchronise every 30 minutes
> /etc/passwd and smbpasswd file?
> 
> Thks, Gerard
> ----- Original Message -----
> From: David Bear <David.Bear at asu.edu>
> To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> Sent: jeudi 11 novembre 1999 00:44
> Subject: mksmbpasswd
> 
> 
> > I issued the command
> >
> > cat /etc/passwd | mksmbpasswd > /etc/samba.d/smbpasswd
> >
> > to create my initiall smbpasswd file.  Question is, can I issue that
> > command again when my unix passwd file changes to just overwrite the
> > smbpasswd?  Or will there be other problems??

--------------------------------------------------------

Tavis Barr                           ,-~~-.___.        
Senior Systems Coordinator          / |  '     \             
Institute for Social and Economic  (  )        0               
   Theory and Research              \_/-, ,----'            
509E Int'l Affairs Bldg                ====           //                    
Columbia University                   /  \-'~;    /~~~(O)
212-854-4237                         /  __/~|   /       |    
tavis at mahler.econ.columbia.edu     =(  _____| (_________|

---------------------------------------------------------

More information about the samba-ntdom mailing list