[Samba] password complexity bypasswd by check password script
Andrew Bartlett
abartlet at samba.org
Thu Feb 24 22:05:26 UTC 2022
On Thu, 2022-02-24 at 17:02 -0500, Jonathon Reinhart wrote:
> On Thu, Feb 24, 2022 at 4:54 PM Andrew Bartlett <abartlet at samba.org>
> wrote:
> > On Thu, 2022-02-24 at 16:50 -0500, Jonathon Reinhart via samba
> > wrote:
> > > I am also using the "check password script" option in smb.conf to
> > > check passwords against the HIBP database
> > > (https://gitlab.com/JonathonReinhart/passhashdb).
> > >
> > > I, too, was completely unaware that using "check password script"
> > > bypasses the built-in password complexity checks. Andrew, I
> > > understand your rationale, and I agree with Francis that a
> > > documentation update would be very welcome.
> >
> > So please prepare the documentation patch, and also please write or
> > update a wiki page on using the HIBP database.
>
> This should be easy enough.
>
> Andrew, I could look in the code, but can you confirm that this only
> replaces the *complexity* and not the minimum length requirements?

Yes, that is the case. Those can be tuned independently.

> Francis, can you share what solution you are using for checking
> against HIBP? I'm fairly happy with my solution; it is very fast due
> to the binary-search algorithm. However, I'm not thrilled with the
> need for a wrapper script, as I indicate here:
> https://gitlab.com/JonathonReinhart/passhashdb/-/tree/master#use-with-samba
> Perhaps someone has a better idea for dealing with the database path
> and log path. I was trying to avoid another config file, but I guess
> the wrapper script serves the same purpose...
>
> Jonathon
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
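
Added example, not part of the original message and not code from Samba or passhashdb: because a configured "check password script" replaces the built-in complexity check, a script that should keep both protections has to test complexity itself before the breached-hash lookup. The three-of-four character-class rule, the account-name check, the database layout of sorted raw 20-byte SHA-1 digests, the exit codes 1 and 2, and the sample database are assumptions made for illustration.

```python
import hashlib
import io
import os
import sys

RECORD = 20  # assumed layout: sorted raw SHA-1 digests, 20 bytes each

def meets_complexity(password, account_name=""):
    # Assumed rule: at least three of four character classes, and the
    # account name (3+ characters) must not appear in the password.
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    name = account_name.lower()
    contains_name = len(name) >= 3 and name in password.lower()
    return sum(classes) >= 3 and not contains_name

def is_breached(password, db):
    # Binary search over a seekable file of fixed-width sorted digests.
    target = hashlib.sha1(password.encode("utf-8")).digest()
    lo, hi = 0, db.seek(0, os.SEEK_END) // RECORD
    while lo < hi:
        mid = (lo + hi) // 2
        db.seek(mid * RECORD)
        record = db.read(RECORD)
        if record == target:
            return True
        if record < target:
            lo = mid + 1
        else:
            hi = mid
    return False

def check(password, db, account_name=""):
    # 0 accepts the password; any non-zero exit status rejects it.
    if not meets_complexity(password, account_name):
        return 1
    return 2 if is_breached(password, db) else 0

def build_sample_db(passwords):
    # Constructed stand-in for a real breached-hash database file.
    digests = sorted(hashlib.sha1(p.encode("utf-8")).digest() for p in passwords)
    return io.BytesIO(b"".join(digests))

if __name__ == "__main__":
    db = build_sample_db(["Password1!", "Summer2022!"])
    password = sys.stdin.read().rstrip("\n")  # Samba sends it on stdin
    sys.exit(check(password, db, os.environ.get("SAMBA_CPS_ACCOUNT_NAME", "")))
```

As discussed in the thread, minimum length is still enforced by Samba separately, so the script does not repeat that check.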