Windows password expiration

Gerald Carter gcarter at valinux.com
Tue Nov 21 17:18:08 GMT 2000 

David Endres wrote:
> 
> I feel recently there is a view to create more
> internal systems inside SAMBA such as a password
> database and its own password expiration rather than
> using the systems already built into Unix/Linux such
> as LDAP, PAM, Shadow Passwords, nsswitch, Kerberos
> etc. I know there is integration currently in SAMBA of
> these services, but alot of it is still underdeveloped
> and/or experimental.

Probably a little bit of a misconception here.  The 
reason Samba has the ability to maintain a smbpasswd file
is that no other system on UNIX maintains LanMan / NT
password hashes.  These are required for supporting 
the Challenge/Response authentication protocol.  The reason
a new account backend is being redesigned is that no other
UNIX service maintain the fields necessary for implementing
an NT style account needed for PDC functionality 
(e.g. logon script, profile path, etc...)

So while somethings could possibly be utilized 
(password expiration), these tend to be few.  In fact,
I'm curious, how many people use password expiration on
UNIX systems?  My gut feeling is that it is not all 
that many, but I could be wrong.  

IMO the correct way for this to be implemented is to 
rely upon the local UNIX system for the username, uid, etc...
and map that to a supplemental account profile in Samba's
passdb.  Which is the approach I am taking.

> For example both SAMBA and netatalk both use their own
> systems to drive NT Style passwords and File/Print
> shares.

Don't know Macs. Sorry.

> Another situation is where both the passwd file and
> smbpasswd file both contains a users username, this
> makes syncing of systems just a bit more difficult
> plus you have unnecessary  duplication and redundancy
> of data.

The username is used as a table lookup key (for /etc/passwd).
The smbpasswd uid field is effectively ignored in the 
latest code.  Therefore it is a necessary piece of data.

> Currently SAMBA does a fantastic job in combining
> Windows and Unix environments and I regard it as the
> "killer" server app for the Enterprise.
> 
> These are just my thought on how to further improve
> SAMBA to make it a more integrated product both in
> Windows and Unix environments.

And I (we) appreciate your input. :-)




Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba mailing list