Richard Sharpe sharpe at
Thu Jan 21 13:55:46 GMT 1999


it seems that it should be possible to write a pam module that allows a
user to change their password on a remote PDC from UNIX, if one were to do
the following:

1. Obtain the old password from the user, and then do a logon/valid user
check against the PDC or DC

If that succeeds, the user's old password seems kosher

2. Get the new password twice to ensure they know what they are typing

3. Call remote_password_change from libsmb passing it the right args.

It seems that pam_smbpass could be used as a model. It tries to sync the
passwords in /etc/passwd and /etc/smbpasswd.

Then combined with something like pam_ntdom, one could have all the UNIX
machines authenticating and changing passwords against a Samba PDC.

Any comments?

Richard Sharpe, sharpe at, NIC-Handle:RJS96
NS Computer Software and Services P/L, 
Ph: +61-8-8281-0063, FAX: +61-8-8250-2080, 
Samba (Team member), Linux, Apache, Digital UNIX, AIX, C, ...

More information about the samba-technical mailing list