diff options
Diffstat (limited to 'docs-xml/smbdotconf/security/passwdchat.xml')
| -rw-r--r-- | docs-xml/smbdotconf/security/passwdchat.xml | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/passwdchat.xml b/docs-xml/smbdotconf/security/passwdchat.xml new file mode 100644 index 0000000000..da18142dfa --- /dev/null +++ b/docs-xml/smbdotconf/security/passwdchat.xml @@ -0,0 +1,60 @@ +<samba:parameter name="passwd chat" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This string controls the <emphasis>"chat"</emphasis> + conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and the local password changing + program to change the user's password. The string describes a + sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the + <smbconfoption name="passwd program"/> and what to expect back. If the expected output is not + received then the password is not changed.</para> + + <para>This chat sequence is often quite site specific, depending + on what local methods are used for password control (such as NIS + etc).</para> + + <para>Note that this parameter only is only used if the <smbconfoption + name="unix password sync"/> parameter is set to <constant>yes</constant>. This sequence is + then called <emphasis>AS ROOT</emphasis> when the SMB password in the + smbpasswd file is being changed, without access to the old password + cleartext. This means that root must be able to reset the user's password without + knowing the text of the previous password. In the presence of + NIS/YP, this means that the <smbconfoption name="passwd program"/> must + be executed on the NIS master. + </para> + + <para>The string can contain the macro <parameter + moreinfo="none">%n</parameter> which is substituted + for the new password. The old passsword (<parameter + moreinfo="none">%o</parameter>) is only available when + <smbconfoption name="encrypt passwords"/> has been disabled. + The chat sequence can also contain the standard macros + \n, \r, \t and \s to give line-feed, carriage-return, tab + and space. The chat sequence string can also contain + a '*' which matches any sequence of characters. Double quotes can + be used to collect strings with spaces in them into a single + string.</para> + + <para>If the send string in any part of the chat sequence is a full + stop ".", then no string is sent. Similarly, if the + expect string is a full stop then no string is expected.</para> + + <para>If the <smbconfoption name="pam password change"/> parameter is set to <constant>yes</constant>, the + chat pairs may be matched in any order, and success is determined by the PAM result, not any particular + output. The \n macro is ignored for PAM conversions. + </para> + +</description> + +<related>unix password sync</related> +<related>passwd program</related> +<related>passwd chat debug</related> +<related>pam password change</related> + +<value type="default">*new*password* %n\n*new*password* %n\n *changed*</value> +<value type="example">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</value> +</samba:parameter> |