--wuth-tdbsam ?

Steve Langasek vorlon at netexpress.net
Fri Sep 27 01:46:00 GMT 2002


On Fri, Sep 27, 2002 at 11:18:01AM +1000, Andrew Bartlett wrote:

> > On Thu, Sep 26, 2002 at 09:20:19PM +0200, Jelmer Vernooij wrote:
> > > On Thu, Sep 26, 2002 at 09:14:39PM +0200, Jean Francois Micouleau wrote about 'Re: --wuth-tdbsam ?':

> > > > On Thu, 26 Sep 2002, Gerald (Jerry) Carter wrote:

> > > > > Anyone?

> > > > > Why do we still have a configure flag for this since it is selectable
> > > > > at run time ?
> > > I guess it used to be optional since we didn't want to compile in
> > > unstable code.

> > > > and tdbsam should be the default passdb backend in 3.0. We should remove
> > > > the smbpasswd file and provide a migration script.
> > > 'pdbedit -i smbpasswd -e tdbsam' does exactly that.. now we only need
> > > to document it :-)

> > Is pdb importing from smbpasswd going to be fixed first so that
> > everyone's passwords don't expire 12 days after they upgrade? :)

> The problem isn't actually tdbsam, it's smbpasswd.  Smbpasswd is giving
> out dodgy made up values.  See, we have a policy database that stores
> the 'max password age' etc, but we don't do 'last change time + max
> password age = must change time' yet.  I was going to do that, but with
> a default value of 21 days, it would lock a lot of people out (who would
> certainly not be expecting it).

Well, the users aren't going to care /where/ the problem lies if they
upgrade and find that the defaults cause them to start being locked out
of their accounts... :)  The fact is that if tdbsam is going to become
the default and preferred backend, users are going to need some way to
sanely migrate from smbpasswd to tdbsam.

> Really, people have been using smbpasswd on the assumption that
> 'password does not expire' was implicitly set.  Possibly having an easy
> tool to set that on every account might be a good idea, but I'm just not
> sure.

So then, doesn't it make sense to treat smbpasswd entries as if "password
does not expire" is set as part of the smbpasswd pdb interface?  Why
change the semantics of the smbpasswd entry unnecessarily?

Steve Langasek
postmodern programmer