samba4 auth and recovery password

Henrik Nordstrom hno at
Sun Nov 13 18:01:08 GMT 2005

On Sun, 13 Nov 2005, Simo Sorce wrote:

> 1. If samba4 configured with --recoverypass=**** then on make install it
> will install a recoverypass.txt file owned by root and with 600
> permissions in /private

I would advise agains this. Configure options gets recorded in a bit too 
many places, and the way users uses configure parameters many users will 
enter sensitive passwords to this option, unaware that their entry will be 
recorded in plain text all ower the build tree and command history.

> 2. In any case if a file is found the password is read from there.

Good. Please also support hashed form.

> 3. If the file does not exist, samba4 will generate a random password at
> runtime and place it in the file.


For security reasons a recovery password should only be available if 
configured. And as you point out once the system has been configured the 
recovery password has fulfilled it's job and should at that point be 
disabled permanently (until manually reset again).

Better to provide a separate tool for setting (and enabling) the recovery 


More information about the samba-technical mailing list