[Samba] password complexity bypasswd by check password script
jonathon.reinhart at gmail.com
Thu Feb 24 22:02:51 UTC 2022
On Thu, Feb 24, 2022 at 4:54 PM Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2022-02-24 at 16:50 -0500, Jonathon Reinhart via samba wrote:
> > I am also using the "check password script" option in smb.conf to
> > check passwords against the HIBP database
> > (https://gitlab.com/JonathonReinhart/passhashdb).
> > I, too, was completely unaware that using "check password script"
> > bypasses the built-in password complexity checks. Andrew, I
> > understand your rationale, and I agree with Francis that a
> > documentation update would be very welcome.
> So please prepare the documentation patch, and also please write update
> a wiki page on using the HIBP database.
This should be easy enough.
Andrew, I could look in the code, but can you confirm that this only
replaces the *complexity* and not the minimum length requirements?
Francis, can you share what solution you are using for checking
against HIBP? I'm fairly happy with my solution; it is very fast due
to the binary-search algorithm. However, I'm not thrilled with the
need for a wrapper script, as I indicate here:
Perhaps someone has a better idea for dealing with the database path
and log path. I was trying to avoid another config file, but I guess
the wrapper script serves the same purpose...
More information about the samba