[Samba] Password Expiration

Andrew Bartlett abartlet at pcug.org.au
Wed Mar 20 13:59:03 GMT 2002 

Jim Morris wrote:
> 
> On Wed, 2002-03-20 at 14:49, Andrew Bartlett wrote:
> 
> > Incorrect.  When 'obey pam restrictions = yes' Samba will also honer
> > PAM's account and session controls for encrypted passwords.
> 
> Hmmm. If this is right, then we need to get the documentation updated.
> The current smb.conf man page states:
> 
>    obey pam restrictions (G)
> 
>       When Samba 2.2 is configured to enable PAM  support
>       (i.e.  --with-pam),  this  parameter  will  control
>       whether or not Samba should obey PAM's account  and
>       session management directives. The default behavior
>       is to use PAM for clear  text  authentication  only
>       and  to  ignore  any account or session management.
>       Note that Samba always ignores PAM for  authentica-
>       tion  in  the case of encrypt passwords = yes . The
>       reason is that PAM modules cannot support the chal-
>       lenge/response  authentication  mechanism needed in
>       the presence of SMB password encryption.
> 
>       Default: obey pam restrictions = no
> 
> Note the statement about ignoring PAM when the 'encrypt passwords'
> setting is turned on, as will be the case for a Samba PDC.

It igmores PAM for authentication, not for account/session control. 
Feel free to come up with better wording.

> > > The other information I have found in my research is that Windows 95/98
> > > clients apparently do not handle password expiration well. I.e. they
> > > keep logging into the domain until the password expires, and then just
> > > cannot login anymore.
> >
> > This is much better in HEAD.
> 
> Hmmm. I can pull the HEAD version from CVS and try - but prefer not to
> release HEAD into a production environment.  Any idea what release HEAD
> is currently destined for?  2.2.4 maybe?

3.0

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list