Encrypted and plain passwords with one server

Michael Ju. Tokarev mjt at tls.msk.ru
Sun Sep 24 09:11:47 GMT 2000

David Collier-Brown wrote:
>         I'd propose an option like "invalidate if encrypted" to
>         set the unix password field to (literally!)
>         "INVALIDATED_BY_SMB" or the like.

And thus totally breaking shell access (unless one uses some
sort of pam_smb[passwd] mechanism that is not good IMHO).
I think that this option just inappropriate here.

BTW, _all_ this stuff (update_encrypted, smbpasswd file as a whole,
ldap support etc) completely belongs to pam.  At least, if samba
will not support pam (what samba has now is not really a "support"
for pam) it should have it's own interface/api to dynamically load
some "samba-pam" modules.  Moreover, newer utmp stuff also belongs
to that.


More information about the samba-technical mailing list