Forcing Password Change

Kevin Colby kevinc at grainsystems.com
Tue Aug 1 18:42:05 GMT 2000


I thought I saw posts some time ago that indicated this was a limitation
of the smbpasswd file, not Samba per se, and that it may work if you
were using an LDAP backend or something like that.

Does anyone else remember that?

	- Kevin Colby
	  kevinc at grainsystems.com


Elrond wrote:
> 
> Hi,
> 
> Well, password-change forcing wasn't requested for a long
> time (to be honest, I don't remember any request).
> 
> And it isn't currently supported in any form by samba (not
> even by TNG).
> 
> I could find out how to do it for nt-clients (I've got an
> nt-pdc and clients to trace this stuff, if really needed).
> But since I don't have any 9x, I can't trace this and I
> don't know anything about the 9x-stuff in samba.
> I don't even know if 9x supports this.
> 
>     Elrond
> 
> On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote:
> > Hi all,
> >
> > I can't seem to search the archives (for a while) and have looked through
> > several months of posts in those archives I _can_ get access to and I
> > haven't seen a mention of forcing password changes.  Nor is there any sort
> > of reference in the manual or any other documentation I can get my hands on.
> >
> > I have a client that needs to be able to force users to change their
> > password at regular intervals.  In a pure NT or Pure *nix environment this
> > is possible.  However, it seems to be impossible in their current
> > situation:
> >
> > '98 workstations, samba is quasi domain controller and WINS server, NIS used
> > in part of the network and a separate system (non NIS) for
> > SMTP/POP3/calendaring and a CVS server (zero NT !!  :)  ).
> >
> > When users are added into the system they get assigned a password by a
> > sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS)
> > as well as the Windows password.  To date, there is no way to allow for
> > non-repudiation, and that is a serious problem from my point of view--at
> > least one other person in the client's company knows anyone's password and
> > can masquerade as that user.
> >
> > Simply trusting that a user will change their password is not enough, they
> > won't unless they are forced to.
> >
> > I believe that I have a mechanism (set of scripts + SSH) that will interact
> > with samba to synchronize all of the systems when a user makes the change
> > from her control panel (the reasons for not moving completely to NIS or
> > LDAP are numerous).
> >
> > Can someone point me to a source for forcing these users to change their
> > passwords?  How about adding an "acceptable use" banner to the login screen?
> > Forcing "good" (also read strong) password construction?
> >
> > I wish that there was a viable alternative to windows, and having these
> > particular tools at hand would be most beneficial.
> >
> > Thanks in advance,
> >
> > Tony Plastino
> > anthonyp at esociety.com
> >
> > =====================================
> > A. R. Plastino III
> > Network and Systems Security Engineer
> > eSociety
> > http://www.eSociety.com


More information about the samba-ntdom mailing list