addition to: inappropriate checking in smbpasswd when changing passwords

James Caccese el_smead at
Wed Apr 12 00:29:28 GMT 2000

I think that having more then one password database is not a good idea. 
Especially if you don't need more then one, as in the case with un-encrypted 
passwords. The idea is that from the beginning there is no second password 
file, so there is never a chance for anything to get un-synced. Also 
allowing a user's password to validate against either of two files is 
confusing to people. I personally have at least 8 different passwords i need 
to keep track of, but remember that it's people like us that set up and 
maintain software like samba, but it's the type of people who use cd-rom 
drives for cupholders that are the real users of what we setup. There is a 
fine line of usability balanced between confusing users with software that 
is too complicated and confusing users with software that isn't rigid 
enough. They just don't know what to expect.


James Caccese '01
Pres: Holy Cross Computer Society
Holy Cross College
Worcester, Ma

>James Caccese <jwcacces at> wrote:
>>hi, I just wanted to add to the last thing I sent in
>>for changing the password of a user, it is a good idea to make sure they 
>>type in the correct old password.
>IMHO: In the case of the passwords possibly being out of synchronization, 
> >then in many cases it should be acceptable that the old password matches 
> >either host password, or the password in the smb password database. Thus 
>when it >is changed, they both can be synchronized.
>-John wb8tyw at
Get Your Private, Free Email at

More information about the samba-technical mailing list