ANNOUNCE: pam_pwexport, Unix->SMB password changes

Seth Vidal skvidal at
Wed Jun 21 21:26:28 GMT 2000

> > So how do I make the change take place from multiple remote linux clients.
> Since you will not (necessarily) have access to the old password, only
> the new password, it's not good to rely on smbpasswd's remote password
> update feature.  So what I'd do instead is do it by remote login,
> i.e. ssh.  Either set up openssh so that the root account on your PDC
> trusts the root accounts on other machines, or create a dedicated
> account with uid 0 that has the above script as its login shell (and of 
> course a locked password and a ~/.ssh/authorized_keys file that only
> lets those other root accounts in).

for remote logins I'm working on an perl/expect script to set the
smbpasswd on the pdc - as long as the file is only readable/executable by
root then it should be relatively safe enough.

and it should allow remote unix machines w/pam fields to sync up. - it
would be somewhat slow for some logins but I think it would work.

does that sound reasonable to you?


More information about the samba-ntdom mailing list