[Samba] Change in smbpasswd in 3.0.6

Jeremy Allison jra at samba.org
Fri Sep 17 18:13:01 GMT 2004

On Fri, Sep 17, 2004 at 01:18:16PM -0400, Christian Merrill wrote:
> Hi, we recently had a customer reporting that a script they run that 
> includes an smbpasswd statement was no longer functioning after 
> upgrading.  The smbpasswd command was being used to create an account 
> and set a password -- taking the passwd as the second argument.  It 
> looks like there has been a change in the code (possibly security 
> related) and I was just curious what the offical reason is for it.
> Line 177 samba-3.0.4/source/utils/smbpasswd.c
> switch(argc)
> has three case statements '0', '1', and '2'
> in the case of '2', it takes the 2nd parameter and uses it as a password
> Line 166 samba-3.0.6/source/utils/smbpasswd.c
> switch(argc)
> has two case statements '0' and '1'
> for the value number of parameters that can be passed to the program

Yes, I made the change as it is a really bad idea to allow passwords
listed in the clear on the command line. The recommended way to script
smbpasswd is to use the -s (use stdin for password prompt) option. I
don't think the password on command line was ever documented, it just
happened to work.


More information about the samba mailing list