password sync

[Charles Marcus]

Hi Andrew,

Question below...

> From: samba-admin at lists.samba.org
> [mailto:samba-admin at lists.samba.org]On
> Behalf Of Andrew Bartlett
> Sent: Tuesday, January 08, 2002 4:26 AM
> To: Christian Barth
> Cc: 'Jan Vidar Klevengen'; 'Samba'; Lloyd Anderson
> Subject: Re: password sync
>
> > > I had tried all combo's of the chat script, including
> > > copying and pasting the results of the actual program,
> > > and filling in the necessary variables. None of it
> > > worked. (The version below is the copied version, with
> > > slight modification.)

> > > I added "password chat debug = yes" and log level = 100
> > > and without changing anything else, it worked. (I still
> > > can't understand why, because I then changed then removed
> > > the chat debug, and reset the log level, and it still
> > > worked.

> > We had this situation too, even worse because it some times
> > worked with out "password chat debug = yes" and some time
> > not. I guessed that it is a time out problem and increased
> > the timeout values in source/smbd/chgpasswd.c (line 213 and
> > 224 for samba 2.0.7) form 2000 to 12000 and 200 to 1200 and
> > recompailed. We do not have any problemes since. Normaly
> > our machine is fast engnough, so I don't understand, wy we
> > had to increase the timeouts. AND: I do not no if this has
> > any security impacts!!

> I always recommend running 2.2.2 and compiling --with-pam,
> setting 'pam password change = yes' in your smb.conf.  This
> means you must have an /etc/pam.d/samba file containing a
> 'password' line, but is *much* easier to debug becouse it
> doesn't use timeouts and other nasties - it uses the PAM
> interface directly.  We even get meaningful errors out of it :-).
>
> Andrew Bartlett

How secure is this, real world?  I have heard many times that PAM is 'bad'
because it uses clear-text passwords.  I would love to start using it, as it
seems to be real simple compared to other methods, but am concerned about
security.

Appreciate any comments...

Charles