addition to: inappropriate checking in smbpasswd when changing passwords

Peter Samuelson peter at
Sat Apr 15 14:22:16 GMT 2000

[James Caccese]
> I think that having more then one password database is not a good
> idea.  Especially if you don't need more then one, as in the case
> with un-encrypted passwords.

The feature is there for migration purposes.  Say you have existing
Unix users.  You set up Samba with `encrypt passwords = no' and
instantly you have Windows users.  But you don't like the situation
because it's insecure, so six months from now you switch to `encrypt
passwords = yes'.  Since Samba has been updating smbpasswd the whole
time, anyone who has changed his password in the past six months will
now have a valid password.  If you implement some sort of password
aging, this means everyone who regularly uses the system(s).

However, the behavior you described originally *is* a bug, IMO.  Samba
should never *use* smbpasswd with `encrypt passwords = no', although it
should *update* it.


More information about the samba-technical mailing list