[Samba] 'check password script' timeout, diferences between AD and NT mode?

Marco Gaiarin gaio at sv.lnf.it
Mon Jan 20 11:37:35 UTC 2020

Mandi! Andrew Bartlett via samba
  In chel di` si favelave...

> > Or point to the code snippet to read from? ;-)
> source4/dsdb/common/samdb_check_password()
> 		/* Gives a warning after 1 second, terminates after 10 */
> 		tevent_add_timer(event_ctx, event_ctx,
> 				 tevent_timeval_current_ofs(1, 0),
> 				 pwd_timeout_debug, NULL);
> ...
> 		req = samba_runcmd_send(event_ctx, event_ctx,
> 					tevent_timeval_current_ofs(10, 0),
> 					100, 100, cmd, NULL);

Ok, many many thanks!

> > I think also could be added to the manpage...
> A MR on GitLab will be looked on favourably. :-)

I'm not so skilled in this. I can try to write here, hoping someone can
add to samba gitlab... sorry...

Currently manpage say:

	In Samba AD, this script will be run AS ROOT by samba(8) without any substitutions.

and i think we can add (for uniformity, i use 'program' as for NT mode;
but probably it is better to use 'script' overall...):

	In Samba AD, this program will be run AS ROOT by samba(8) without any substitutions.
	Also, the program is run with the password change transaction lock taken, so
	to prevent troubles samba emit a warning after 1 second and forcibly kill the program after 10 seconds, effectively rejecting the password change.
	This have to be taken into account setting up the program.

Again, thanks.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list