[Samba] Samba-2.2.3a-LDAP-PDC: password policy

Andrew Bartlett abartlet at pcug.org.au
Thu Apr 4 01:53:06 GMT 2002


Thomas Klettke wrote:
> 
> My setup:
> -RH7.2 on a 2.4.17 kernel with acl support
> -samba 2.2.3a, using LDAP (with smbldap-tools), functions as PDC
> 
> Question:
> Before using smbldap-passwd.pl, (meaning: using "passwd") Linux would not
> allow "trivial" passwords (blank, too short, dictionary words, etc.). As I
> understand, one of the tools that enables this is cracklib.
> With LDAP in place, I would like to have the same level of security, e.g.
> preventing my users from using the trivial password that many people love
> so much.
> Has anyone found a solution to combine ldappasswd, or smbldap-passwd.pl with
> the security of cracklib?

I do this by having my users change their passwords via PAM and
pam_winbind (I use HEAD for this, where I cleaned up pam_winbind *a
lot*).  I currently don't advertise (or restrict) Windows-based password
changes - I intend to do this by adding cracklib support to Samba.  (not
as hard as it sounds).

You could do this by setting 'unix password sync' (smb.conf option) and
setting 'passwd program' to point to a script that calls cracklib
itself.  Samba won't change a password without the unix sync occurring
first.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
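
The approach suggested in the reply above, sketched as an added example (not code from the original post or from Samba): a wrapper for 'passwd program' that asks cracklib-check, the command-line checker shipped with cracklib, before anything is changed. The script path, the backend helper and the prompt strings are assumptions.

```python
#!/usr/bin/env python3
r"""Added example: cracklib gate usable as Samba's 'passwd program'.
Assumed smb.conf (paths are hypothetical):
  unix password sync = yes
  passwd program = /usr/local/sbin/smb-cracklib-passwd %u
  passwd chat = *New*password* %n\n *Retype*password* %n\n *password*changed*
"""
import subprocess
import sys

# Hypothetical site helper that writes the new password to the directory;
# assumed to read "user:password" on stdin.
BACKEND = ["/usr/local/sbin/set-unix-password"]

def cracklib_verdict(password, run=subprocess.run):
    """Return None if cracklib-check accepts the password, else the reason."""
    if not password:
        return "empty password"
    # Feed the password on stdin, never argv, so it cannot show up in ps.
    out = run(["cracklib-check"], input=password + "\n",
              capture_output=True, text=True, check=True).stdout.rstrip("\n")
    prefix = password + ": "  # cracklib-check echoes "<password>: <verdict>"
    if not out.startswith(prefix):
        return "unparseable cracklib-check output"  # fail closed
    verdict = out[len(prefix):]
    return None if verdict == "OK" else verdict

def backend_apply(user, password):
    subprocess.run(BACKEND, input=f"{user}:{password}\n", text=True, check=True)

def change_password(user, stdin, stdout, verdict=cracklib_verdict, apply=backend_apply):
    """Speak the chat above; touch the backend only after cracklib accepts."""
    def ask(prompt):
        stdout.write(prompt)
        stdout.flush()
        return stdin.readline().rstrip("\r\n")
    new, again = ask("New password: "), ask("Retype password: ")
    reason = "entries do not match" if new != again else verdict(new)
    if reason:
        # Nothing printed here matches the final chat pattern, so the chat
        # fails and Samba refuses the change.
        stdout.write(f"rejected: {reason}\n")
        return 1
    apply(user, new)
    stdout.write("password changed\n")
    return 0

if __name__ == "__main__":
    sys.exit(change_password(sys.argv[1], sys.stdin, sys.stdout))
```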