Password sync

Simo Sorce simo.sorce at
Wed Jul 19 09:14:48 GMT 2000

David Bannon wrote:
> At 07:00 PM 18/07/2000 +1000, Henning Eiben wrote:
> >Hi,
> >
> >I'm running Samba 2.0.6 (or 2.0.7) with SuSE 6.2 and I want to keep my samba
> >and my Unix passwords in sync. Since SuSE 6.2 uses PAM I supposed I don't
> >have to use the "password chat" from smb.conf ...
> If you want real unix passwords and samba passwords, then you need to use
> passwd sync. It is a bit pedantic, you must get the syntax to suit what you
> passwd programme says. It does not handle errors very well, the user gets
> told that their existing passwd is wrong if ANYTHING fails (such as an
> attempt to change to a passwd that is unsafe).
> If you are happy to use pam then things can be much easier, get pam to do
> all your authentication. Point pam_smb to the samba server (even if its on
> the same box). You then dont need any passwds in /etc/passwd (or
> /etc/shadow), dont have to worry about passwd sync, dont have to worry
> about someone applying crack to /etc/passwd (anyone seen a 'crack' to apply
> to the NT encrypted passwds in smbpassword ?).

Reading on this list for months convinced me that NT password format is
really too unsecure and trivial to crack and this kept me always away
from using pam_(ntdom/smb/winbind) to store my unix passwords.

> David
> ------------------------------------------------------------
> David Bannon                      D.Bannon at
> School of Biochemistry            Phone 61 03 9479 2197
> La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
> Bundoora, Vic, Australia, 3083
> ------------------------------------------------------------
> .... Humpty Dumpty was pushed !

Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at 02 2399 2425 - 02 2399 2451
Be happy, use Linux!

More information about the samba-ntdom mailing list