Windows password expiration
David Endres
bigmudcake at yahoo.com
Sat Nov 18 01:19:08 GMT 2000
I have been using SAMBA for several years at several
sites now, found it to be extremely powerful.
I have also been following the development of the
SAMBA system with great interest, and take my hat off
for the great job the SAMBA Team does in providing a
server application with such a high quality of code
and efficiency.
I feel recently there is a view to create more
internal systems inside SAMBA such as a password
database and its own password expiration rather than
using the systems already built into Unix/Linux such
as LDAP, PAM, Shadow Passwords, nsswitch, Kerberos
etc.
I know there is integration currently in SAMBA of
these services, but alot of it is still underdeveloped
and/or experimental.
For example both SAMBA and netatalk both use their own
systems to drive NT Style passwords and File/Print
shares.
Another situation is where both the passwd file and
smbpasswd file both contains a users username, this
makes syncing of systems just a bit more difficult
plus you have unnecessary duplication and redundancy
of data.
Currently SAMBA does a fantastic job in combining
Windows and Unix environments and I regard it as the
"killer" server app for the Enterprise.
These are just my thought on how to further improve
SAMBA to make it a more integrated product both in
Windows and Unix environments.
> >> Correct me if I am wrong but doesnt the unix
> system already
> >> have a password expiration mechanism built into
> its core ????
> >
> >If supporting shadow password, then yes I believe
> so.
> >
> >> Can't you pull the neccessary info from there
> rather than
> >> adding more fields into smbpassword file or
> smb.conf
> >
> >We are not adding any more fields to smbpasswd.
> Trust me
> >on this one :)
> >
> >> I persoanlly feel that password expiration is a
> very
> >> important and critical aspect of good password
> security.
> >
> >People are often very divided on this. Password
> expiration
> >can sometimes for people to simply use a list of
> passwords
> >and rotate them (also forcing them to remember more
> passwords
> >and often choose simplier passwords in order to
> help alleviate
> >the difficulty). But I digress.... :-)
> >
> >Yeah. I suppose we could pull that information
> from
> >/etc/shadow. Whether or not that is a good idea,
> I'm not
> >sure. In the case of a simple smbpasswd, this
> makes complete
> >sense to do so. In the case of a full SAM
> implementation
> >such as with an DB backend (follow the passdb
> thread
> >on samba-technical for more information on this),
> I'm not sure.
> >
> >Hmmm...that would mean we need to know at compile
> time if the
> >system supports shadow passwords. I'll look into
> this. We
> >may check for that already.
> >
> >
> >
> >
> >
> >
> >Cheers, jerry
>
>----------------------------------------------------------------------
> > /\ Gerald (Jerry) Carter
> Professional Services
> > \/ http://www.valinux.com/ VA Linux Systems
> gcarter at valinux.com
> > http://www.samba.org/ SAMBA Team
> jerry at samba.org
> > http://www.plainjoe.org/
> jerry at plainjoe.org
> >
> > "...a hundred billion castaways looking for
> a home."
> > - Sting "Message in
> a Bottle" ( 1979 )
=====
. ,,,
(o o)
==============oOO==(_)==OOo==============
David Endres, mailto:bigmudcake at yahoo.com
===============( )==( )==============
\ ( ) /
\_) (_/
__________________________________________________
Do You Yahoo!?
Yahoo! Calendar - Get organized for the holidays!
http://calendar.yahoo.com/
More information about the samba
mailing list