[Samba] Samba calling passwd as user? (It's really about password history)

Bob Hemedinger rhemedinger at yahoo.com
Tue Sep 3 17:32:01 GMT 2002


I was afraid that this might be the answer. I have
asked in the past, as have maybe 2 or 3 others over
the last few months about password history, which
isn't part of Samba 2.2 and is not in 3-alpha (from
what I've seen of it).

It would seem to me that in a pure samba PDC scenario
if samba called passwd as the user, password history
enforcement could be achieved via synching unix
passwords. If it is not feasible for passwd to be
called as the (unix) user, then password history
enforcement via password synching will never be
achievable for samba 2.x.

I am frankly quite surprised that password history
enforcement has not been a more frequent topic, as it
is often cited as a 'best practice' for maintaining
relatively secure systems. How do those who have
implemented or plan to implement a pure samba PDC feel
about this? Is password history enforcement not an
effective measure? How many people who want to
implement a samba PDC are being hampered by this or
similar issues?

I have turned to modifying PAM modules to achieve
password history enforcement with SAMBA users. The key
being that root must honor password restrictions that
are placed on users. I have achieved some success with
my mods to date. If anyone else is interested in them,
I'd be happy to share them.



--- John Benedetto <jbenedet at unm.edu> wrote:
> --On Tuesday, September 03, 2002 5:43 AM -0700 Bob Hemedinger
> <rhemedinger at yahoo.com> wrote:
>
> > When synching passwords, it looks like the passwd
> > program is called by root. Can samba call passwd as a
> > user instead?
>
> It HAS to call it as root, because that way the
> user's password does not need to be known.
> 
> - john
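
A small model of the issue discussed in this message: a password change performed as root skips the history check unless the check is applied to root as well. This is an added example, not code from the poster, Samba or PAM; the `PasswordStore` class, its `enforce_for_root` flag, the PBKDF2 parameters and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor, kept low so the sketch runs quickly

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordStore:
    """Toy store: the current hash plus the last `remember` old ones per user."""

    def __init__(self, remember=3, enforce_for_root=False):
        self.remember = remember
        self.enforce_for_root = enforce_for_root  # hypothetical switch
        self.current = {}   # user -> (salt, digest)
        self.history = {}   # user -> [(salt, digest), ...], newest last

    def _reused(self, user, candidate):
        # Entries are salted, so the candidate is re-hashed with each stored salt.
        entries = list(self.history.get(user, []))
        if user in self.current:
            entries.append(self.current[user])
        return any(hmac.compare_digest(_hash(candidate, s), d) for s, d in entries)

    def change(self, user, new_password, caller_uid):
        """Return True if accepted. caller_uid 0 models a change made as root."""
        exempt = caller_uid == 0 and not self.enforce_for_root
        if not exempt and self._reused(user, new_password):
            return False
        if user in self.current:
            old = self.history.setdefault(user, [])
            old.append(self.current[user])
            del old[:max(len(old) - self.remember, 0)]  # keep newest `remember`
        salt = os.urandom(16)
        self.current[user] = (salt, _hash(new_password, salt))
        return True

def demo():
    """Replay the same root-driven change sequence with and without enforcement."""
    results = {}
    for enforce in (False, True):
        store = PasswordStore(remember=3, enforce_for_root=enforce)
        store.change("alice", "Spring-2002", caller_uid=0)   # constructed samples
        store.change("alice", "Summer-2002", caller_uid=0)
        results[enforce] = store.change("alice", "Spring-2002", caller_uid=0)
    return results

if __name__ == "__main__":
    print(demo())
```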


