Passwd change security (was CVS update: samba/source)

David Collier-Brown davecb at Canada.Sun.COM
Fri Mar 20 14:38:11 GMT 1998

Jeremy Allison wrote:
> Now with a bit of work, and wrapping the change
> password code in a become_root()/unbecome_root()
> pair we should be able to make use of the fact
> that calling the passwd program as root allows
> a users password to be changed without needing
> the old cleartext password.

	While I think this is good/sane/advisable, I should
	mention that this makes the password slightly
	weaker than it would be on standard unix.

	The normal passwd program asks for the old
	password to make sure someone hasn't sat
	down at my machine while I'm logged on 
	to bug me by changing my password. This
	prevents a denial-of-service attack.

	If the pc client is already doing this (and
	Windows 95/NT **APPEARS** to), it's a non-problem.
	Anyone know if WfW and NT < 4 do it correctly?
	Indeed, anyone know if 95/NT4 are really correct?

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | davecb at,
M2N 1Y3. 416-223-8968 |

More information about the samba-technical mailing list