sync passwords

Charles Wise charles at fwbbc.edu
Thu Sep 27 09:42:02 GMT 2001


smb.conf only has to be readable and writeable by root not everyone. Your 
solution still may have security implications though.

Quoting Dominic <d.lukwata at fh-mannheim.de>:

> Hi all,
> 
> I have managed to make smbpasswd update both unix NIS passwords
> and smb-passwords. Only that the price is a big security hole!
> yppasswd needs the root password! So I have changed the chat in smb.conf
> to
> include the root password in clear text.
> 
>    smb passwd file = /usr/local/samba/private/smbpasswd
>    unix password sync = yes
>    passwd program = /usr/bin/yppasswd %u
>    passwd chat = *NIS* <root password>\n *NIS* %n\n *new* %n\n *changed*
>    encrypt passwords = yes
> 
> Now this has worked, but really not acceptable, since smb.conf must be
> readable by every one! So the root password can be read by anyone!
> 
> Does any one know how to go around this?
> 
> Thanks a bunch
> 
> Dominic
> 



Charles Wise
FWBBC
Computer Support
charles at fwbbc.edu




More information about the samba-ntdom mailing list