user password timeout (password expiry)

Andrew Bartlett abartlet at pcug.org.au
Thu Oct 4 00:41:04 GMT 2001


Bernhard Hornung wrote:
> 
> Hello!
> 
> We are using Samba 2.2.1a as a PDC and I was looking for the password expiry
> functionality, which I consider quite important for security.
> 
> I learnded, that the current Samba release does not support this feature, but
> I found a patch for CVS head in the ntdom mailing list (posted by
> simon at explodingsheep.org in June)

Samba has had this functionality on PAM systems since 2.2.1, when the
'obey pam restrictions' paramater is set.  Note that this requires that
your PAM modules implement this feature, and that the 'unix password
sync' and 'pam password change' paramaters are set.  This also requires
a valid /etc/pam.d/samba configuration file, see the examples provided.

> This patch invents the smb.conf parameter "user password timeout = x".  It
> seems to be exactly what I was looking for.
> 
> But  (when I am right), the latest 2_2 CVS does not include this patch.
> 
> Are there any reasons for this?
> Do I have to expect any problems when I apply the patch to 2.2.1a?
> When does the Samba - team plan to integrate this feature?

Password expiry is being implemented in HEAD at present, but is more
complex than one would prefer.  In particular only the AuthRewrite code
in HEAD provides the infrustructure required for this to occur on a
consistant basis.

Furthermore, patches should go to samba-patches at samba.org (see
samba.org/samba-patches for information) for developer attention, I
certainly am not subscribed to samba-ntdom at .
 
> I will be glad for any information on this subject!
> 
> - Bernhard

Hope this helps

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba-technical mailing list