andrea.bencini at tin.it
Sat Dec 29 16:21:48 GMT 2007
----- Original Message -----
From: "Dale Schroeder" <dale at BriannasSaladDressing.com>
To: "Andrea Bencini" <andrea.bencini at tin.it>
Sent: Friday, December 28, 2007 7:42 PM
Subject: Re: [Samba] password
> SWAT's help files are a good resource, as shown below.
> passwd program (G)
> The name of a program that can be used to set UNIX user passwords.
> Any occurrences of /|%u|/ will be replaced with the user name. The
> user name is checked for existence before calling the password
> changing program.
> Also note that many passwd programs insist in /reasonable /
> passwords, such as a minimum length, or the inclusion of mixed case
> chars and digits. This can pose a problem as some clients (such as
> Windows for Workgroups) uppercase the password before sending it.
> /Note/ that if the /|unix password sync|/ parameter is set to |yes |
> then this program is called /AS ROOT/ before the SMB password in the
> smbpasswd file is changed. If this UNIX password change fails, then
> |smbd| will fail to change the SMB password also (this is by design).
> If the /|unix password sync|/ parameter is set this parameter /MUST
> USE ABSOLUTE PATHS/ for /ALL/ programs called, and must be examined
> for security implications. Note that by default /|unix password
> sync|/ is set to |no|.
> Default: //|passwd program|/ = || /
> Example: //|passwd program|/ = |/bin/passwd %u| /
> passwd chat (G)
> This string controls the /"chat"/ conversation that takes places
> between smbd(8)
> <http://192.168.1.223:901/swat/help/manpages/smbd.8.html> and the
> local password changing program to change the user's password. The
> string describes a sequence of response-receive pairs that smbd(8)
> <http://192.168.1.223:901/swat/help/manpages/smbd.8.html> uses to
> determine what to send to the passwd program and what to expect
> back. If the expected output is not received then the password is
> not changed.
> This chat sequence is often quite site specific, depending on what
> local methods are used for password control (such as NIS etc).
> Note that this parameter only is only used if the unix password sync
> parameter is set to |yes|. This sequence is then called /AS ROOT/
> when the SMB password in the smbpasswd file is being changed,
> without access to the old password cleartext. This means that root
> must be able to reset the user's password without knowing the text
> of the previous password. In the presence of NIS/YP, this means that
> the passwd program must be executed on the NIS master.
> The string can contain the macro /|%n|/ which is substituted for the
> new password. The chat sequence can also contain the standard macros
> \n, \r, \t and \s to give line-feed, carriage-return, tab and space.
> The chat sequence string can also contain a '*' which matches any
> sequence of characters. Double quotes can be used to collect strings
> with spaces in them into a single string.
> If the send string in any part of the chat sequence is a full stop
> ".", then no string is sent. Similarly, if the expect string is a
> full stop then no string is expected.
> If the pam password change parameter is set to |yes|, the chat pairs
> may be matched in any order, and success is determined by the PAM
> result, not any particular output. The \n macro is ignored for PAM
> Default: //|passwd chat|/ = |*new*password* %n\n*new*password* %n\n
> *changed*| /
> Example: //|passwd chat|/ = |"*Enter OLD password*" %o\n "*Enter NEW
> password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"| /
> Andrea Bencini wrote:
>> I would like to know about "passwd program" and "passwd chat" (I have
>> already read man of smb.conf)
>> 1- What is their function
>> 2- When I should use them
More information about the samba