diff options
Diffstat (limited to 'docs/docbook/smbdotconf/security/passwdchat.xml')
-rw-r--r-- | docs/docbook/smbdotconf/security/passwdchat.xml | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/passwdchat.xml b/docs/docbook/smbdotconf/security/passwdchat.xml new file mode 100644 index 0000000000..922f1a878c --- /dev/null +++ b/docs/docbook/smbdotconf/security/passwdchat.xml @@ -0,0 +1,58 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term> + <listitem><para>This string controls the <emphasis>"chat"</emphasis> + conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and the local password changing + program to change the user's password. The string describes a + sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the + <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter> + </link> and what to expect back. If the expected output is not + received then the password is not changed.</para> + + <para>This chat sequence is often quite site specific, depending + on what local methods are used for password control (such as NIS + etc).</para> + <para>Note that this parameter only is only used if the <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix + password sync</parameter></link> parameter is set to <constant>yes</constant>. This + sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password + in the smbpasswd file is being changed, without access to the old + password cleartext. This means that root must be able to reset the user's password + without knowing the text of the previous password. In the presence of NIS/YP, + this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be + executed on the NIS master. + </para> + + + <para>The string can contain the macro <parameter moreinfo="none">%n</parameter> which is substituted + for the new password. The chat sequence can also contain the standard + macros <constant>\\n</constant>, <constant>\\r</constant>, <constant> + \\t</constant> and <constant>\\s</constant> to give line-feed, + carriage-return, tab and space. The chat sequence string can also contain + a '*' which matches any sequence of characters. + Double quotes can be used to collect strings with spaces + in them into a single string.</para> + + <para>If the send string in any part of the chat sequence + is a full stop ".", then no string is sent. Similarly, + if the expect string is a full stop then no string is expected.</para> + + <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam + password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs + may be matched in any order, and success is determined by the PAM result, + not any particular output. The \n macro is ignored for PAM conversions. + </para> + + <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix password + sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter moreinfo="none"> + passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG"> + <parameter moreinfo="none">passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> + <parameter moreinfo="none">pam password change</parameter></link>.</para> + + <para>Default: <command moreinfo="none">passwd chat = *new*password* %n\\n + *new*password* %n\\n *changed*</command></para> + <para>Example: <command moreinfo="none">passwd chat = "*Enter OLD password*" %o\\n + "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password + changed*"</command></para> + </listitem> + </samba:parameter> |