[Samba] Change in smbpasswd in 3.0.6
Jeremy Allison
jra at samba.org
Fri Sep 17 18:13:01 GMT 2004
On Fri, Sep 17, 2004 at 01:18:16PM -0400, Christian Merrill wrote:
> Hi, we recently had a customer reporting that a script they run that
> includes an smbpasswd statement was no longer functioning after
> upgrading. The smbpasswd command was being used to create an account
> and set a password -- taking the passwd as the second argument. It
> looks like there has been a change in the code (possibly security
> related) and I was just curious what the offical reason is for it.
>
> Line 177 samba-3.0.4/source/utils/smbpasswd.c
> switch(argc)
> has three case statements '0', '1', and '2'
> in the case of '2', it takes the 2nd parameter and uses it as a password
>
> Line 166 samba-3.0.6/source/utils/smbpasswd.c
> switch(argc)
> has two case statements '0' and '1'
> for the value number of parameters that can be passed to the program
Yes, I made the change as it is a really bad idea to allow passwords
listed in the clear on the command line. The recommended way to script
smbpasswd is to use the -s (use stdin for password prompt) option. I
don't think the password on command line was ever documented, it just
happened to work.
Jeremy.
More information about the samba
mailing list