diff options
| author | Gerald W. Carter <jerry@samba.org> | 2008-04-22 10:09:40 -0500 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:48 -0500 |
| commit | 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d (patch) | |
| tree | 90c6b720ad3a7bc815245c0ef28820424f89d658 /docs-xml/smbdotconf/security/passwdprogram.xml | |
| parent | 197238246389c40edc60c6630d18d6913086e630 (diff) | |
| download | samba-8f8a9f01909ba29e2b781310baeeaaddc3f15f0d.tar.gz samba-8f8a9f01909ba29e2b781310baeeaaddc3f15f0d.tar.bz2 samba-8f8a9f01909ba29e2b781310baeeaaddc3f15f0d.zip | |
Moving docs tree to docs-xml to make room for generated docs in the release tarball.
(This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14)
Diffstat (limited to 'docs-xml/smbdotconf/security/passwdprogram.xml')
| -rw-r--r-- | docs-xml/smbdotconf/security/passwdprogram.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/passwdprogram.xml b/docs-xml/smbdotconf/security/passwdprogram.xml new file mode 100644 index 0000000000..4158c1b7a6 --- /dev/null +++ b/docs-xml/smbdotconf/security/passwdprogram.xml @@ -0,0 +1,37 @@ +<samba:parameter name="passwd program" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + <description> + <para>The name of a program that can be used to set + UNIX user passwords. Any occurrences of <parameter moreinfo="none">%u</parameter> + will be replaced with the user name. The user name is checked for + existence before calling the password changing program.</para> + + <para>Also note that many passwd programs insist in <emphasis>reasonable + </emphasis> passwords, such as a minimum length, or the inclusion + of mixed case chars and digits. This can pose a problem as some clients + (such as Windows for Workgroups) uppercase the password before sending + it.</para> + + <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix + password sync</parameter> parameter is set to <constant>yes + </constant> then this program is called <emphasis>AS ROOT</emphasis> + before the SMB password in the smbpasswd + file is changed. If this UNIX password change fails, then + <command moreinfo="none">smbd</command> will fail to change the SMB password also + (this is by design).</para> + + <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter + is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> + for <emphasis>ALL</emphasis> programs called, and must be examined + for security implications. Note that by default <parameter moreinfo="none">unix + password sync</parameter> is set to <constant>no</constant>.</para> + </description> + + <related>unix password symc</related> + + <value type="default"></value> +<value type="example">/bin/passwd %u</value> +</samba:parameter> |