password policy on samba 3.0

Simo Sorce simo.sorce at
Wed Oct 29 10:16:58 GMT 2003

On Tue, 2003-10-28 at 11:42, Aurélien Degrémont wrote:
> Hi,
> We're presently working on patches concerning "password policy".
> There is "where we are" :)
> In order to have these patches ready, some changes must be added to 
> And, to have these changes done, TDBSAM must be upgraded.
> I have made a patch for TDBSAM which was proposed a week ago. I'm 
> wainting for Samba Team's comments.

Well thye password policy and tdbsam format are related but separated
problems, we just need the mechanisms first and then we can adapt all
the backends that can esily be modified to support that extension.
LDAP would be easier for example.

> More over, if we want "password uniqueness", a new field must be added, 
> in order to store the former passwords.

Yes, the problem was about how to do that. Sorry I had no time yet to
read the patch, but for TDBSAM it should be easy to add a string that
holds comma seprated password HASHES ...

> I started a discution concerning the fields that must be added (a week 
> ago too), and i'm also waiting for comments about it.
> About "password lock", sam backends must have a new functionnality which 
> able them to do atomic modifications (incremental modifications). I have 
> not started to work on it yet.

Can you expand on this one? Why do you need it and what operation do
need it? Atomicity is not easy to achive with current passdb backend API

> See my previous patches on samba-technical archives.

Will take a look asap.


Simo Sorce - simo.sorce at
Xsec s.r.l. -
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399

More information about the samba-technical mailing list