[Samba] passwd chat for samba->kerberos passwd-sync
Ludek Finstrle
ludek.finstrle at pzkagis.cz
Wed Jan 31 14:11:52 GMT 2007
> This are the tested passwd chats:
>
> passwd program = /usr/bin/passwd %u
> ; passwd chat = *Password:* %o\n *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd chat = *Password:* %o\n *"Enter new password:"* %n\n *"Enter
> it again:"* %n\n *"passwd: password updated successfully"* .
> pam password change = yes
I don't understand why you define "pam password change" and
"passwd program" with "passwd chat". You want "pam password change" or
"unix password sync" with ( "passwd program" and "passwd chat" ).
I have it this way:
unix password sync = yes
passwd program = /usr/kerberos/sbin/kadmin.local -q 'cpw %u'
passwd chat = "Authenticating as principal*"\n"Enter password for principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n \n"Password for *"%u"@* changed."\n
I have kdc on the same machine as samba PDC. I think there are more ways
where kdc is running on another machine then samba PDC.
I don't know if kerberos needs original password when it change password
for user as root throught pam (but I think it needs some password).
I have never used it this way.
Regards,
Luf
More information about the samba
mailing list