samba4 auth and recovery password

Simo Sorce idra at
Sun Nov 13 11:07:21 GMT 2005

Hello list,

while discussing on IRC about some problem with web authentication using
system user credentials with tridge and abartlet, it came out that the
current way is not satisfying.

Currently we allow root (and any system user in theory) to log in via
SWAT2 so that we can do initial configuration of samba4.

The problem is that we cannot always assume that PAM is available or the
superuser name (allowing any normal unix user makes not much sense).

The idea is to allow for a "recovery password" to be created so that we
can do initial provisioning and configuration as uid 0, create the
administrative SAM user and then proceed from there on with this user.

So the proposal is to create this recovery mechanism keeping in mind
that samba may run on embedded systems and that the administrator may
not have access to the underlying file system.

The recovery system may work like this:

1. If samba4 configured with --recoverypass=**** then on make install it
will install a recoverypass.txt file owned by root and with 600
permissions in /private
2. In any case if a file is found the password is read from there.
3. If the file does not exist, samba4 will generate a random password at
runtime and place it in the file.

Step 1/2 allows embedded manufacturers to configure a default recovery
password for their equipments, of course a mechanism to change the
recovery password at runtime must be provided.

So via SWAT2 there will be available 2-3 auth mechanism.

- The SAM mechanism will always be available of course.
- If configured with PAM, also the System Auth mechanism will be
available but only the "root" user will be allowed to login.
- There will be a recovery password login mechanism as described in this

Comments on this topic are welcome.


Simo Sorce    -  idra at
Samba Team    -
Italian Site  -

More information about the samba-technical mailing list