Windows password expiration
gcarter at valinux.com
Tue Nov 21 17:18:08 GMT 2000
David Endres wrote:
> I feel recently there is a view to create more
> internal systems inside SAMBA such as a password
> database and its own password expiration rather than
> using the systems already built into Unix/Linux such
> as LDAP, PAM, Shadow Passwords, nsswitch, Kerberos
> etc. I know there is integration currently in SAMBA of
> these services, but a lot of it is still underdeveloped
> and/or experimental.
Probably a little bit of a misconception here. The
reason Samba has the ability to maintain a smbpasswd file
is that no other system on UNIX maintains LanMan / NT
password hashes. These are required for supporting
the Challenge/Response authentication protocol. The reason
a new account backend is being redesigned is that no other
UNIX service maintains the fields necessary for implementing
an NT style account needed for PDC functionality
(e.g. logon script, profile path, etc...)
So while some things could possibly be utilized
(password expiration), these tend to be few. In fact,
I'm curious, how many people use password expiration on
UNIX systems? My gut feeling is that it is not all
that many, but I could be wrong.
IMO the correct way for this to be implemented is to
rely upon the local UNIX system for the username, uid, etc...
and map that to a supplemental account profile in Samba's
passdb. Which is the approach I am taking.
> For example both SAMBA and netatalk both use their own
> systems to drive NT Style passwords and File/Print
Don't know Macs. Sorry.
> Another situation is where both the passwd file and
> smbpasswd file both contain a user's username, this
> makes syncing of systems just a bit more difficult
> plus you have unnecessary duplication and redundancy
> of data.
The username is used as a table lookup key (for /etc/passwd).
The smbpasswd uid field is effectively ignored in the
latest code. Therefore it is a necessary piece of data.
> Currently SAMBA does a fantastic job in combining
> Windows and Unix environments and I regard it as the
> "killer" server app for the Enterprise.
> These are just my thoughts on how to further improve
> SAMBA to make it a more integrated product both in
> Windows and Unix environments.
And I (we) appreciate your input. :-)
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
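
The lookup described in the reply above (username as the key into /etc/passwd, with the smbpasswd uid field ignored), as an added example that is not part of the original post and is not Samba's own code. It assumes the colon-separated smbpasswd layout `name:uid:LM hash:NT hash:[flags]:LCT-time:`; all accounts are constructed and the hash fields are placeholders.

```python
# Added illustration: constructed sample data, not real accounts or hashes.
PASSWD = """\
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
"""

X = "X" * 32  # placeholder standing in for the LM / NT hash fields
# Assumed layout: name:uid:LM hash:NT hash:[flags]:LCT-time:
SMBPASSWD = f"""\
alice:1001:{X}:{X}:[U          ]:LCT-3A1A9F00:
bob:4242:{X}:{X}:[U          ]:LCT-3A1A9F00:
carol:1003:{X}:{X}:[U          ]:LCT-3A1A9F00:
"""


def parse_passwd(text):
    """Return {username: uid} from passwd-format text."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # skip comments and malformed lines
        table[fields[0]] = int(fields[2])
    return table


def resolve(smb_text, passwd_text):
    """Resolve each smbpasswd entry to a UNIX uid by username.

    Returns (resolved, orphans, stale):
      resolved - {username: uid taken from passwd}
      orphans  - smbpasswd names with no UNIX account behind them
      stale    - names whose smbpasswd uid field disagrees with passwd
    """
    unix = parse_passwd(passwd_text)
    resolved, orphans, stale = {}, [], []
    for line in smb_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4:
            continue
        name, smb_uid = fields[0], fields[1]
        if name not in unix:
            orphans.append(name)  # hashes exist, but no system account
            continue
        resolved[name] = unix[name]  # uid comes from passwd, not smbpasswd
        if smb_uid != str(unix[name]):
            stale.append(name)  # ignored field has drifted from passwd
    return resolved, orphans, stale
```

Orphaned entries are worth reviewing during account cleanup, since they hold password hashes for a name that no longer maps to a UNIX account.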