Forcing Password Change

Anthony Plastino anthonyp at esociety.com
Tue Aug 1 21:25:17 GMT 2000


Thanks for the encouragement.  If I ever get it worked out I'll post a
patch.  :)

: -----Original Message-----
: From: Elrond [mailto:elrond at samba.org]
: Sent: Tuesday, August 01, 2000 10:52 AM
: To: Anthony Plastino
: Cc: Multiple recipients of list SAMBA-NTDOM
: Subject: Re: Forcing Password Change
:
:
:
: Hi,
:
: Well, password-change forcing wasn't requested for a long
: time (to be honest, I don't remember any request).
:
: And it isn't currently supported in any form by samba (not
: even by TNG).
:
: I could find out how to do it for nt-clients (I've got an
: nt-pdc and clients to trace this stuff, if really needed).
: But since I don't have any 9x, I can't trace this and I
: don't know anything about the 9x-stuff in samba.
: I don't even know if 9x supports this.
:
:     Elrond
:
:
: On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote:
: > Hi all,
: >
: > I can't seem to search the archives (for a while) and have looked through
: > several months of posts in those archives I _can_ get access to and I
: > haven't seen a mention of forcing password changes.  Nor is there any sort
: > of reference in the manual or any other documentation I can get my hands on.
: >
: > I have a client that needs to be able to force users to change their
: > password at regular intervals.  In a pure NT or Pure *nix environment this
: > is possible.  However, it seems to be impossible in their current
: > situation:
: >
: > '98 workstations, samba is quasi domain controller and WINS server, NIS used
: > in part of the network and a separate system (non NIS) for
: > SMTP/POP3/calendaring and a CVS server (zero NT !!  :)  ).
: >
: > When users are added into the system they get assigned a password by a
: > sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS)
: > as well as the Windows password.  To date, there is no way to allow for
: > non-repudiation, and that is a serious problem from my point of view--at
: > least one other person in the client's company knows anyone's password and
: > can masquerade as that user.
: >
: > Simply trusting that a user will change their password is not enough, they
: > won't unless they are forced to.
: >
: > I believe that I have a mechanism (set of scripts + SSH) that will interact
: > with samba to synchronize all of the systems when a user makes the change
: > from her control panel ( the reasons for not moving completely to NIS or
: > LDAP are numerous).
: >
: > Can someone point me to a source for forcing these users to change their
: > passwords?  How about adding an "acceptable use" banner to the login screen?
: > Forcing "good" (also read strong) password construction?
: >
: > I wish that there was a viable alternative to windows, and having these
: > particular tools at hand would be most beneficial.
: >
: > Thanks in advance,
: >
: > Tony Plastino
: > anthonyp at esociety.com
: >
: > =====================================
: > A. R. Plastino III
: > Network and Systems Security Engineer
: > eSociety
: > http://www.eSociety.com


