[Samba] questions about password complexity checking.

Morgan Toal mtoal at burlingtoniowa.org
Tue Feb 14 09:48:38 MST 2012

Hi Samba folks,

I had a couple questions about password complexity checking.

To preface, in smb.conf, we set:

check password script = /usr/local/sbin/crackcheck -d 

Also, if I understand correctly:

/usr/local/sbin/crackcheck comes from samba source rpm package.
maybe we need to compile it ourselves.

/usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm package

Here are my questions:

1) may we also specify -c along with -d in check password script 
paramater to enable "NT like complexity checks"?

2) what precisely are "NT like complexity checks"?

3) there is no file /usr/share/cracklib/pw_dict however there in 
/usr/share/cracklib there is: pw_dict.hwm, pw_dict.pwd, and pw_dict.pwi
I am thinking pw_dict.pwd is the actual dictionary. It's in some sort of 
binary format. Why do we not specify the file extension in the smb.conf 

4) How may we list/modify contents of pw_dict.pwd?

thanks for your time!


Morgan Toal, RHCE, CFCE, CEH, MCP
Network Manager
City of Burlington, Iowa

More information about the samba mailing list