R: R: password policy on samba 3.0

Simo Sorce simo.sorce at xsec.it
Wed Oct 29 11:41:42 GMT 2003


On Wed, 2003-10-29 at 12:07, Andrew Bartlett wrote:
> I'm not convinced how much Samba should be involved in the 'password
> quality' issue - given how it varies between sites.  There was a patch
> much earlier that put this out to an external script.  (Allowing
> cracklib and the like)

I think the best way could be to add a cascading style to auth modules
(like vfs ones) so that anyone can do their own policy simply through a
module. However, including some basic checking in samba (those expected
by users) seems OK.

> However, if we do make Samba handle this I would like to see the 'old
> passwords' optionally stored in some salted, not MD4() hashed form, or
> in the original cleartext for soundex comparison.  

Why? Salted? What's wrong with MD4 hashes?

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399



More information about the samba-technical mailing list