--with-cracklib for Samba
Pierre Belanger
pbelang1 at oss.cantel.rogers.com
Thu Jan 16 04:58:01 GMT 2003
Hi all,
Last night I did a "grep -i todo" in the source code, to see
if I could contribute a little bit more ;-) I found the
following:
smbd/chgpasswd.c: /* TODO: Add cracklib support here */
I started working on this last night (using SAMBA_3_0
branch) and do have something working (the "configure.in",
documentation, etc is not done yet). I had to make my own
"API" to cracklib to make this work because the original API
uses getuid() and getpwuid() to get the username and fullname
(gecos). I also found a lot of places in the cracklib code
that is really not "full-proof". So... in the search for
a better solution:
Tonight, I checked the "cracklib" included in "npasswd".
(I found a bug, it's also in the original cracklib!!!)
There isn't a better "API", still uses getuid()/getpwuid().
If the original cracklib or npasswd's cracklib is a
good idea for Samba, I'll contact the maintainer for both
products and see if they agree to "update" their code with
the new API and also update their download site(s). I have
the feeling "cracklib original" is quite dead unless there
is a new maintainer (found nothing on sourceforge /
freshmeat) and might have better chances with the cracklib
included in npasswd.
Besides using cracklib for password changing, I thought
of the following idea. Once "cracklib" is enable, have
an attribute in smb.conf "force password change = yes".
Then at logon if the password is found by cracklib, force
the user to change their password right away. That's for
Samba 3.0.1 ;-) unless I easily find how to do this!
If you have other ideas let me know.
Do I continue working on this or not?
Best regards,
Pierre B.
More information about the samba-technical
mailing list