Re: [e-smith-devinfo] Samba bug on SME 5.5 [ANNOUNCEMENT]

Wed, 31 Jul 2002 09:46:22 -0700 


On Wed, 31 Jul 2002, Darrell May wrote:

> Charlie Brady <[EMAIL PROTECTED]> said:
> 
> > My understanding is that it doesn't work in combination with the "passwd
> > chat" parameter.
> 
> Charlie, as is typically the case with samba docs, I have not been able to
> find any clear reference/answer to this issue.  Every smb.conf example I've
> come across seems to have both entries in place.

Use the Source, Luke!

from smbd/chgpasswd.c:

...
#ifdef WITH_PAM
        if (lp_pam_password_change()) {
                BOOL ret;

                if (as_root)
                        become_root();

                ret = smb_pam_passchange(name, oldpass, newpass);

                if (as_root)
                        unbecome_root();

                return ret;
        }
#endif

        pstrcpy(passwordprogram, lp_passwd_program());
        pstrcpy(chatsequence, lp_passwd_chat());

        if (!*chatsequence) {
                DEBUG(2, ("chgpasswd: Null chat sequence - no password 
changing\n"));
                return (False);
        }
...

If pam is being used, then the chat sequence is not used.

> It may be best to use both.  I can't see having both would hurt anything
> :-)

It's potentially confusing to have both. Someone will say "I change the 
passwd chat and it has no effect!".

> What about this idea.
> 
> 1) update the 11unixPasswordSync fragment.
> 
> - implement the passwd chat parameter fix Greg sent to 'bugs'
> - add code to use a smb PasswordChat db entry if present
> 
> 2) create a new 11pamPassword fragment
> - default to 'pam password change = yes'
> - use a smb PamPassword db entry if present
> 
> The db entries will assist if future changes are necessary.

We could do that, but in this case I don't see any benefit. Using PAM 
directly for all password changing looks the right thing to do.

--
Charlie Brady                         [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 592 5660 or 592 2122  Fax: +1 (613) 592 1175



--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org

Reply via email to