user password timeout (password expiry)
Bernhard Hornung
bernhard.hornung at streamgate.de
Thu Oct 4 12:19:02 GMT 2001
Thank you very much for answering my questions!
I will look into this and will probaply ask some questios to the ntdom list
;-)
- Bernhard
> Bernhard Hornung wrote:
> > Hello!
> >
> > We are using Samba 2.2.1a as a PDC and I was looking for the password
> > expiry functionality, which I consider quite important for security.
> >
> > I learnded, that the current Samba release does not support this feature,
> > but I found a patch for CVS head in the ntdom mailing list (posted by
> > simon at explodingsheep.org in June)
>
> Samba has had this functionality on PAM systems since 2.2.1, when the
> 'obey pam restrictions' paramater is set. Note that this requires that
> your PAM modules implement this feature, and that the 'unix password
> sync' and 'pam password change' paramaters are set. This also requires
> a valid /etc/pam.d/samba configuration file, see the examples provided.
>
> > This patch invents the smb.conf parameter "user password timeout = x".
> > It seems to be exactly what I was looking for.
> >
> > But (when I am right), the latest 2_2 CVS does not include this patch.
> >
> > Are there any reasons for this?
> > Do I have to expect any problems when I apply the patch to 2.2.1a?
> > When does the Samba - team plan to integrate this feature?
>
> Password expiry is being implemented in HEAD at present, but is more
> complex than one would prefer. In particular only the AuthRewrite code
> in HEAD provides the infrustructure required for this to occur on a
> consistant basis.
>
> Furthermore, patches should go to samba-patches at samba.org (see
> samba.org/samba-patches for information) for developer attention, I
> certainly am not subscribed to samba-ntdom at .
>
> > I will be glad for any information on this subject!
> >
> > - Bernhard
>
> Hope this helps
>
> Andrew Bartlett
More information about the samba-technical
mailing list