Windows password expiration
bigmudcake at yahoo.com
Sat Nov 18 01:19:08 GMT 2000
I have been using SAMBA for several years at several
sites now, found it to be extremely powerful.
I have also been following the development of the
SAMBA system with great interest, and take my hat off
for the great job the SAMBA Team does in providing a
server application with such a high quality of code
I feel recently there is a view to create more
internal systems inside SAMBA such as a password
database and its own password expiration rather than
using the systems already built into Unix/Linux such
as LDAP, PAM, Shadow Passwords, nsswitch, Kerberos
I know there is integration currently in SAMBA of
these services, but alot of it is still underdeveloped
For example both SAMBA and netatalk both use their own
systems to drive NT Style passwords and File/Print
Another situation is where both the passwd file and
smbpasswd file both contains a users username, this
makes syncing of systems just a bit more difficult
plus you have unnecessary duplication and redundancy
Currently SAMBA does a fantastic job in combining
Windows and Unix environments and I regard it as the
"killer" server app for the Enterprise.
These are just my thought on how to further improve
SAMBA to make it a more integrated product both in
Windows and Unix environments.
> >> Correct me if I am wrong but doesnt the unix
> system already
> >> have a password expiration mechanism built into
> its core ????
> >If supporting shadow password, then yes I believe
> >> Can't you pull the neccessary info from there
> rather than
> >> adding more fields into smbpassword file or
> >We are not adding any more fields to smbpasswd.
> Trust me
> >on this one :)
> >> I persoanlly feel that password expiration is a
> >> important and critical aspect of good password
> >People are often very divided on this. Password
> >can sometimes for people to simply use a list of
> >and rotate them (also forcing them to remember more
> >and often choose simplier passwords in order to
> help alleviate
> >the difficulty). But I digress.... :-)
> >Yeah. I suppose we could pull that information
> >/etc/shadow. Whether or not that is a good idea,
> I'm not
> >sure. In the case of a simple smbpasswd, this
> makes complete
> >sense to do so. In the case of a full SAM
> >such as with an DB backend (follow the passdb
> >on samba-technical for more information on this),
> I'm not sure.
> >Hmmm...that would mean we need to know at compile
> time if the
> >system supports shadow passwords. I'll look into
> this. We
> >may check for that already.
> >Cheers, jerry
> > /\ Gerald (Jerry) Carter
> Professional Services
> > \/ http://www.valinux.com/ VA Linux Systems
> gcarter at valinux.com
> > http://www.samba.org/ SAMBA Team
> jerry at samba.org
> > http://www.plainjoe.org/
> jerry at plainjoe.org
> > "...a hundred billion castaways looking for
> a home."
> > - Sting "Message in
> a Bottle" ( 1979 )
David Endres, mailto:bigmudcake at yahoo.com
===============( )==( )==============
\ ( ) /
Do You Yahoo!?
Yahoo! Calendar - Get organized for the holidays!
More information about the samba