--with-cracklib for Samba

Pierre Belanger pbelang1 at oss.cantel.rogers.com
Thu Jan 16 04:58:01 GMT 2003

Hi all,

Last night I did a "grep -i todo" in the source code, to see
if I could contribute a little bit more ;-) I found the

smbd/chgpasswd.c:   /* TODO:  Add cracklib support here */

I started working on this last night (using SAMBA_3_0
branch) and do have something working (the "configure.in",
documentation, etc is not done yet). I had to make my own
"API" to cracklib to make this work because the original API
uses getuid() and getpwuid() to get the username and fullname
(gecos). I also found a lot of places in the cracklib code
that is really not "full-proof". So... in the search for
a better solution:

Tonight, I checked the "cracklib" included in "npasswd".
(I found a bug, it's also in the original cracklib!!!)
There isn't a better "API", still uses getuid()/getpwuid().

If the original cracklib or npasswd's cracklib is a
good idea for Samba, I'll contact the maintainer for both
products and see if they agree to "update" their code with
the new API and also update their download site(s). I have
the feeling "cracklib original" is quite dead unless there
is a new maintainer (found nothing on sourceforge /
freshmeat) and might have better chances with the cracklib
included in npasswd.

Besides using cracklib for password changing, I thought
of the following idea. Once "cracklib" is enable, have
an attribute in smb.conf "force password change = yes".
Then at logon if the password is found by cracklib, force
the user to change their password right away. That's for
Samba 3.0.1 ;-) unless I easily find how to do this!
If you have other ideas let me know.

Do I continue working on this or not?

Best regards,
Pierre B.

More information about the samba-technical mailing list