Password Sync

[Peter Samuelson]

[Elrond <elrond at samba.org>]
> rpcclient -S ntpdc -U Administrator%passwdofadmin
> samuserset ntuser -p newpassword
[...]
> So, now how to get the new pw?
> 
> Check out the post
> "ANNOUNCE: pam_pwexport, Unix->SMB password changes"
> by Peter Samuelson <peter at cadcamlab.org>.

Yeah, I didn't think of using rpcclient or samedit.  I'll add something
like this in as another example file in the next version.  (To be
released Real Soon Now, as I keep saying.)  Thanks, Elrond.

The difficulty with using multiple PAM modules for changing passwords
is that password updates aren't atomic.  It's easy to get the two
password lists out of sync, if the first module succeeds but the second
fails.  (Say the PDC is unavailable, etc).  At that point there's not
too much you can do other than fix it manually.  There's just no way to
express the sequence "check to make sure all these updates will succeed
(grabbing whatever locks are necessary to ensure this), then do them."

Peter