[Samba] FW: Questions about Samba 4
Rowland Penny
rowlandpenny241155 at gmail.com
Fri Aug 28 13:13:49 UTC 2015
On 28/08/15 13:53, L.P.H. van Belle wrote:
> Rowland,
>
> if ChallengeResponseAuthentication is 'yes', and the PAM authentication policy
> for sshd includes pam_unix, password authentication will be allowed through
> the challenge-response mechanism regardless of the value of PasswordAuthentication.
>
> source.
> http://www.unixlore.net/articles/five-minutes-to-more-secure-ssh.html
> start reading as of : Details on PAM Authentication
>
> but a good find, maybe Volker can use this info also.
>
>
> Greetz,
>
> Louis
>
>
>
>
>
Hi Louis, I wasn't sure about the PasswordAuthentication setting, but
before I set both, if I tried to login via ssh to a Unix client with a
user whose password was set to be changed at next login, I got winbind
using 100% CPU and the user couldn't login. After I set them, I got
asked for the password, I was then informed the password had expired and
I must change it, after I entered a new password (twice) I was logged in
and winbind never got anywhere near 100% CPU.
Have you tried it ?
More information about the samba
mailing list