--wuth-tdbsam ?

Andrew Bartlett abartlet at samba.org
Fri Sep 27 01:19:00 GMT 2002

Steve Langasek wrote:
> On Thu, Sep 26, 2002 at 09:20:19PM +0200, Jelmer Vernooij wrote:
> > On Thu, Sep 26, 2002 at 09:14:39PM +0200, Jean Francois Micouleau wrote about 'Re: --wuth-tdbsam ?':
> > > On Thu, 26 Sep 2002, Gerald (Jerry) Carter wrote:
> > > > Anyone?
> > > > Why do we still have a configure flag for this since it is selectable
> > > > at run time ?
> > I guees it used to be optional since we didn't want to compile in
> > unstable code.
> > > and tdbsam should be the default passdb backend in 3.0. We should remove
> > > the smbpasswd file and provide a migration script.
> > 'pdbedit -i smbpasswd -e tdbsam' does exactly that.. now we only need
> > to document it :-)
> Is pdb importing from smbpasswd going to be fixed first so that
> everyone's passwords don't expire 12 days after they upgrade? :)

The problem isn't actually tdbsam, it's smbpasswd.  Smbpasswd is giving
out dodgy made up values.  See, we have a policy database that stores
the 'max password age' etc, but we don't do 'last change time + max
password age = must change time' yet.  I was going to do that, but with
a default value of 21 days, it would lock a lot of people out (who would
certainly not be expecting it).

Really, people have been using smbpasswd on the assumption that
'password does not expire' was implicity set.  Possibly having an easy
tool to set that on every account might be a good idea, but I'm just not

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list