password policy on samba 3.0

Aurélien Degrémont adegremont at
Tue Oct 28 10:42:21 GMT 2003


We're presently working on patches concerning "password policy".
There is "where we are" :)

In order to have these patches ready, some changes must be added to 
And, to have these changes done, TDBSAM must be upgraded.
I have made a patch for TDBSAM which was proposed a week ago. I'm 
wainting for Samba Team's comments.

More over, if we want "password uniqueness", a new field must be added, 
in order to store the former passwords.
I started a discution concerning the fields that must be added (a week 
ago too), and i'm also waiting for comments about it.

About "password lock", sam backends must have a new functionnality which 
able them to do atomic modifications (incremental modifications). I have 
not started to work on it yet.

See my previous patches on samba-technical archives.

Aurélien Degrémont

lu wrote:

>Now Redhat has released their Enterprise Linux 3.0 (TAROON) that include the
>newer Samba 3.0, that doesn't have the password policy implemented. Who is
>using Enterprise Linux and Samba alpha2x with my password policy patch need
>to upgrade to TAROON and the Samba 3.0 with Password policy patch. I know
>that you are working  on "password lock" on 3.0 rc4 and I'd like to know
>how's going your work. I would patch again the 3.0 with the password policy
>(more complete than password lockout, it should include also password age,
>password history, password must change time etc), but before starting the
>work I will know if someone has just made similar work.
>I think that if the password patch will not accepted by the Samba team, it
>will be difficult to users to upgrade their system every time a new release
>I'm also aware that Samba team put the patch in the official branch only if
>they think it is very very mature, but we cannot wait for years...
>Best regards,
>Jianliang Lu
>TieSse s.p.a      Ivrea (to) Italy
> at
>luj at

More information about the samba-technical mailing list