summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/passwdprogram.xml
diff options
context:
space:
mode:
authorAlexander Bokovoy <ab@samba.org>2003-03-27 15:27:19 +0000
committerAlexander Bokovoy <ab@samba.org>2003-03-27 15:27:19 +0000
commit5cd3d3f14ef56ff5f1d92aba0174649f3d368f66 (patch)
tree7982c107cb4ecf2b739dd0d21b591aca20e9b19a /docs/docbook/smbdotconf/security/passwdprogram.xml
parent7c6a4de6f97287e43405b66baa81aa328315de7c (diff)
downloadsamba-5cd3d3f14ef56ff5f1d92aba0174649f3d368f66.tar.gz
samba-5cd3d3f14ef56ff5f1d92aba0174649f3d368f66.tar.bz2
samba-5cd3d3f14ef56ff5f1d92aba0174649f3d368f66.zip
Add new framework for smb.conf(5). Please read README before trying to compile.
I will commit more meta-information updates during week-end. (This used to be commit 8d684dffab6a90b3d612a1aa2b2c457a2bc2e6ac)
Diffstat (limited to 'docs/docbook/smbdotconf/security/passwdprogram.xml')
-rw-r--r--docs/docbook/smbdotconf/security/passwdprogram.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/passwdprogram.xml b/docs/docbook/smbdotconf/security/passwdprogram.xml
new file mode 100644
index 0000000000..dae24e22a1
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/passwdprogram.xml
@@ -0,0 +1,35 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="PASSWDPROGRAM"/>passwd program (G)</term>
+ <listitem><para>The name of a program that can be used to set
+ UNIX user passwords. Any occurrences of <parameter moreinfo="none">%u</parameter>
+ will be replaced with the user name. The user name is checked for
+ existence before calling the password changing program.</para>
+
+ <para>Also note that many passwd programs insist in <emphasis>reasonable
+ </emphasis> passwords, such as a minimum length, or the inclusion
+ of mixed case chars and digits. This can pose a problem as some clients
+ (such as Windows for Workgroups) uppercase the password before sending
+ it.</para>
+
+ <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix
+ password sync</parameter> parameter is set to <constant>yes
+ </constant> then this program is called <emphasis>AS ROOT</emphasis>
+ before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5)
+ </ulink> file is changed. If this UNIX password change fails, then
+ <command moreinfo="none">smbd</command> will fail to change the SMB password also
+ (this is by design).</para>
+
+ <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter
+ is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis>
+ for <emphasis>ALL</emphasis> programs called, and must be examined
+ for security implications. Note that by default <parameter moreinfo="none">unix
+ password sync</parameter> is set to <constant>no</constant>.</para>
+
+ <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix
+ password sync</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">passwd program = /bin/passwd</command></para>
+ <para>Example: <command moreinfo="none">passwd program = /sbin/npasswd %u</command>
+ </para>
+ </listitem>
+ </samba:parameter>