On Wed, 31 Jul 2002, Darrell May wrote:
> Charlie Brady <[EMAIL PROTECTED]> said: > > > My understanding is that it doesn't work in combination with the "passwd > > chat" parameter. > > Charlie, as is typically the case with samba docs, I have not been able to > find any clear reference/answer to this issue. Every smb.conf example I've > come across seems to have both entries in place. Use the Source, Luke! from smbd/chgpasswd.c: ... #ifdef WITH_PAM if (lp_pam_password_change()) { BOOL ret; if (as_root) become_root(); ret = smb_pam_passchange(name, oldpass, newpass); if (as_root) unbecome_root(); return ret; } #endif pstrcpy(passwordprogram, lp_passwd_program()); pstrcpy(chatsequence, lp_passwd_chat()); if (!*chatsequence) { DEBUG(2, ("chgpasswd: Null chat sequence - no password changing\n")); return (False); } ... If pam is being used, then the chat sequence is not used. > It may be best to use both. I can't see having both would hurt anything > :-) It's potentially confusing to have both. Someone will say "I change the passwd chat and it has no effect!". > What about this idea. > > 1) update the 11unixPasswordSync fragment. > > - implement the passwd chat parameter fix Greg sent to 'bugs' > - add code to use a smb PasswordChat db entry if present > > 2) create a new 11pamPassword fragment > - default to 'pam password change = yes' > - use a smb PamPassword db entry if present > > The db entries will assist if future changes are necessary. We could do that, but in this case I don't see any benefit. Using PAM directly for all password changing looks the right thing to do. -- Charlie Brady [EMAIL PROTECTED] Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 592 5660 or 592 2122 Fax: +1 (613) 592 1175 -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org