shadowAccount

Steve Langasek vorlon at netexpress.net
Tue Aug 6 11:04:01 GMT 2002


On Tue, Aug 06, 2002 at 07:15:31PM +1000, Andrew Bartlett wrote:
> Bartlomiej Solarz-Niesluchowski wrote:

> > Good Morning!

> > When Samba will use informations in shadowAccount?
> > e.g.:
> > shadowLastChange: 11898
> > shadowMax: 90
> > shadowWarning: 14
> > shadowInactive: 14

> These apply to the 'shadow' password, which is not always the same as
> Samba password.

> > Or when samba will use PAM for such things?

> Samba 2.2 and 3.0 will honer those valuea via PAM, when so configured.

> > Currently I have setup batch which test above informations and changes it
> > with smbpasswd -e (-d), but this solution is far from perfect.

> Most of these have 'nt' equivilants that Samba uses.  

> That said, it would be useful to be able to use these existing
> attributes.  Unfortunetly the 'shadow' system has a granularity in days,
> while NT uses seconds (actually 100'th of a second I think, but we
> convert to time_t).  It is this kind of 'not quite compatibility' that
> makes this difficult.

As a result, it may be more practical to teach the rest of the Unix
system to use the finer-grained attributes.  I believe pam_smbpass can
do this, when pointed at an LDAP backend.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020806/1fd4f29b/attachment.bin


More information about the samba-technical mailing list