Re: SMB passwords etc (was "How can I help ?")
On Wed, Jun 14, 2000 at 02:10:09PM +0100, Zak Kipling wrote:
> I'm no PAM or SMB expert, but I would imagine (if it hasn't been done) it
> would be feasible to make a stacked "password" module to do the reverse,
> ie to update the SMB password (including optionally creating the entry in
> the smbpasswd file if it doesn't exist) when the "passwd" command is used
> to change the unix password.
Yes. That would help a lot. We have a setup, for example, where all
account data (including the encrypted password) is stored in a
PostgreSQL database. Therefore it is not possible to compare this
encrypted password to the encrypted SMB password. And we don't want
a duplication of the password field in the database either.
> A mechanism would obviously be required to prevent a loop situation when
> both options are used simultaneously. If Samba carried out the actual SMB
> password update via PAM, then this should allow for the required
> flexibiliity, with either one or both off the unix/SMB password setting
> modules used by passwd and smbd as desired. This would hopefully eliminate
> the need for the "password sync" option with its dependence on the precise
> prompt string produced by the "passwd" command.
This loop protection is not really necessary since every program/daemon
can be configured separately.
- Sebastian
Reply to: