Forcing Password Change
Elrond
elrond at samba.org
Tue Aug 1 17:51:34 GMT 2000
Hi,
Well, password-change forcing wasn't requested for a long
time (to be honest, I don't remember any request).
And it isn't currently supported in any form by samba (not
even by TNG).
I could find out how to do it for nt-clients (I've got an
nt-pdc and clients to trace this stuff, if really needed).
But since I don't have any 9x, I can't trace this and I
don't know anything about the 9x-stuff in samba.
I don't even know if 9x supports this.
Elrond
On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote:
> Hi all,
>
> I can't seem to search the archives (for a while) and have looked through
> several months of posts in those archives I _can_ get access to and I
> haven't seen a mention of forcing password changes. Nor is there any sort
> of reference in the manual or any other documentation I can get my hands on.
>
> I have a client that needs to be able to force users to change their
> password at regular intervals. In a pure NT or Pure *nix environment this
> is possible. However, it seems to be impossible in their current
> situation:
>
> '98 workstations, samba is quasi domain controller and WINS server, NIS used
> in part of the network and a separate system (non NIS) for
> SMTP/POP3/calendaring and a CVS server (zero NT !! :) ).
>
> When users are added into the system they get assigned a password by a
> sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS)
> as well as the Windows password. To date, there is no way to allow for
> non-repudiation, and that is a serious problem from my point of view--at
> least one other person in the client's company knows anyone's password and
> can masquerade as that user.
>
> Simply trusting that a user will change their password is not enough, they
> won't unless they are forced to.
>
> I believe that I have a mechanism (set of scripts + SSH) that will interact
> with samba to synchronize all of the systems when a user makes the change
> from her control panel (the reasons for not moving completely to NIS or
> LDAP are numerous).
>
> Can someone point me to a source for forcing these users to change their
> passwords? How about adding an "acceptable use" banner to the login screen?
> Forcing "good" (also read strong) password construction?
>
> I wish that there was a viable alternative to windows, and having these
> particular tools at hand would be most beneficial.
>
> Thanks in advance,
>
> Tony Plastino
> anthonyp at esociety.com
>
> =====================================
> A. R. Plastino III
> Network and Systems Security Engineer
> eSociety
> http://www.eSociety.com
More information about the samba-ntdom mailing list