Password expiry in Samba?

Andrew Bartlett abartlet at pcug.org.au
Mon Oct 29 03:06:03 GMT 2001


Kimmo Akkanen wrote:
> 
> >>In the smbpasswd file, can someone tell me what the last field in each
> >>line means? This is the field that begins with "LCT-". I'm trying to
> >>generate each line from the smb crypt perl module and I need to know what
> >>to put there.
> 
> > LCT == Last Change Time. It's the time in seconds since 1970 when
> > the password was last changed.
> > Jeremy.
> 
> Correct me if I'm wrong, but this seems to give an easy
> way to implement "password expiry" or such parameter to
> Samba? Couldn't Samba just check this "LCT" from smbpassword
> and notify the user if it's more than what's given at smb.conf?
> 
> This could perhaps be done manually now, but would be
> a nifty feature to have straight from smb.conf.
> 
> Btw, Samba 2.2.2 is an excellent product - stable as a rock! =)
> Thanks!

There are two ways this can be done at the moment:

In HEAD, passwords expire every 21 days, unless the 'this account does
not expire' option  is set (which is the default).  By the time HEAD
becomes 3.0 there should be a sane way this can be controlled from
smb.conf.

In Samba 2.2 you can use PAM (compile --with-pam) for this.  Keep your
PAM and Samba passwords in sync with the 'unix password sync' and 'pam
password change' options, and then you can enable 'obey pam
restrictions' to get password expiry - in the same way you get it for
SSH logins, for example.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba mailing list