Windows password expiration

David Endres bigmudcake at
Sat Nov 18 01:19:08 GMT 2000

I have been using SAMBA for several years at several
sites now,  found it to be extremely powerful.

I have also been following the development of the
SAMBA system with great interest, and take my hat off
for the great job the SAMBA Team does in providing a
server application with such a high quality of code
and efficiency.

I feel recently there is a view to create more
internal systems inside SAMBA such as a password
database and its own password expiration rather than
using the systems already built into Unix/Linux such
as LDAP, PAM, Shadow Passwords, nsswitch, Kerberos
I know there is integration currently in SAMBA of
these services, but alot of it is still underdeveloped
and/or experimental.

For example both SAMBA and netatalk both use their own
systems to drive NT Style passwords and File/Print

Another situation is where both the passwd file and
smbpasswd file both contains a users username, this
makes syncing of systems just a bit more difficult
plus you have unnecessary  duplication and redundancy
of data.

Currently SAMBA does a fantastic job in combining
Windows and Unix environments and I regard it as the
"killer" server app for the Enterprise.

These are just my thought on how to further improve
SAMBA to make it a more integrated product both in
Windows and Unix environments.

> >> Correct me if I am wrong but doesnt the unix
> system already
> >> have a password expiration mechanism built into
> its core ????
> >
> >If supporting shadow password, then yes I believe
> so.
> >
> >> Can't you pull the neccessary info from there
> rather than
> >> adding more fields into smbpassword file or
> smb.conf
> >
> >We are not adding any more fields to smbpasswd. 
> Trust me 
> >on this one :)
> >
> >> I persoanlly feel that password expiration is a
> very
> >> important and critical aspect of good password
> security.
> >
> >People are often very divided on this.  Password
> expiration
> >can sometimes for people to simply use a list of
> passwords 
> >and rotate them (also forcing them to remember more
> passwords
> >and often choose simplier passwords in order to
> help alleviate
> >the difficulty).  But I digress....  :-)
> >
> >Yeah.  I suppose we could pull that information
> from 
> >/etc/shadow.  Whether or not that is a good idea,
> I'm not 
> >sure.  In the case of a simple smbpasswd, this
> makes complete
> >sense to do so.  In the case of a full SAM
> implementation
> >such as with an DB backend (follow the passdb
> thread 
> >on samba-technical for more information on this),
> I'm not sure.
> >
> >Hmmm...that would mean we need to know at compile
> time if the
> >system supports shadow passwords.  I'll look into
> this.  We
> >may check for that already.
> >
> >
> >
> >
> >
> >
> >Cheers, jerry
> >   /\  Gerald (Jerry) Carter                    
> Professional Services
> > \/  VA Linux Systems  
> gcarter at
> >       SAMBA Team      
>    jerry at
> >                    
> jerry at
> >
> >       "...a hundred billion castaways looking for
> a home."
> >                                - Sting "Message in
> a Bottle" ( 1979 )

.                  ,,,
                  (o o)
David Endres, mailto:bigmudcake at
===============(   )==(   )==============
                \ (    ) /
                 \_)  (_/

Do You Yahoo!?
Yahoo! Calendar - Get organized for the holidays!

More information about the samba mailing list