addition to: inappropriate checking in smbpasswd when changing passwords

[James Caccese]

hi, I just wanted to add to the last thing I sent in

for changing the password of a user, it is a good idea to make sure they type in the correct old password. Since we get the old password from the client, we can change the uid to that user, and run passwd as them. then we must send passwd the old password. Or, another option is making the passwd command be:

su -c /usr/bin/passwd %u

this would run passwd as the user %u (on redhat 6.1)
the password chat would have to be changed accordingly


I believe that fixing the password change procedure to remove checking smbpasswd will help fix a whole bunch of problems people have been having with passwords

(both my messages pretain to unencrypted passwords)

-james

James Caccese '01
Pres: Holy Cross Computer Society
Holy Cross College
Worcester, Ma