ANNOUNCE: pam_pwexport, Unix->SMB password changes
Seth Vidal
skvidal at phy.duke.edu
Wed Jun 21 21:26:28 GMT 2000
> > So how do I make the change take place from multiple remote linux clients.
>
> Since you will not (necessarily) have access to the old password, only
> the new password, it's not good to rely on smbpasswd's remote password
> update feature. So what I'd do instead is do it by remote login,
> i.e. ssh. Either set up openssh so that the root account on your PDC
> trusts the root accounts on other machines, or create a dedicated
> account with uid 0 that has the above script as its login shell (and of
> course a locked password and a ~/.ssh/authorized_keys file that only
> lets those other root accounts in).
for remote logins I'm working on an perl/expect script to set the
smbpasswd on the pdc - as long as the file is only readable/executable by
root then it should be relatively safe enough.
and it should allow remote unix machines w/pam fields to sync up. - it
would be somewhat slow for some logins but I think it would work.
does that sound reasonable to you?
-sv
More information about the samba-ntdom
mailing list