[Samba] 'check password script' timeout, diferences between AD and NT mode?
Marco Gaiarin
gaio at sv.lnf.it
Mon Jan 20 11:37:35 UTC 2020
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> > Or point to the code snippet to read from? ;-)
> source4/dsdb/common/samdb_check_password()
> /* Gives a warning after 1 second, terminates after 10 */
> tevent_add_timer(event_ctx, event_ctx,
> tevent_timeval_current_ofs(1, 0),
> pwd_timeout_debug, NULL);
> ...
>
> req = samba_runcmd_send(event_ctx, event_ctx,
> tevent_timeval_current_ofs(10, 0),
> 100, 100, cmd, NULL);
Ok, many many thanks!
> > I think also could be added to the manpage...
> A MR on GitLab will be looked on favourably. :-)
I'm not so skilled in this. I can try to write here, hoping someone can
add to samba gitlab... sorry...
Currently manpage say:
In Samba AD, this script will be run AS ROOT by samba(8) without any substitutions.
and i think we can add (for uniformity, i use 'program' as for NT mode;
but probably it is better to use 'script' overall...):
In Samba AD, this program will be run AS ROOT by samba(8) without any substitutions.
Also, the program is run with the password change transaction lock taken, so
to prevent troubles samba emit a warning after 1 second and forcibly kill the program after 10 seconds, effectively rejecting the password change.
This have to be taken into account setting up the program.
Again, thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list