summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/passwdchat.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf/security/passwdchat.xml')
-rw-r--r--docs/docbook/smbdotconf/security/passwdchat.xml58
1 files changed, 58 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/passwdchat.xml b/docs/docbook/smbdotconf/security/passwdchat.xml
new file mode 100644
index 0000000000..922f1a878c
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/passwdchat.xml
@@ -0,0 +1,58 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term>
+ <listitem><para>This string controls the <emphasis>&quot;chat&quot;</emphasis>
+ conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> and the local password changing
+ program to change the user's password. The string describes a
+ sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the
+ <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter>
+ </link> and what to expect back. If the expected output is not
+ received then the password is not changed.</para>
+
+ <para>This chat sequence is often quite site specific, depending
+ on what local methods are used for password control (such as NIS
+ etc).</para>
+ <para>Note that this parameter only is only used if the <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix
+ password sync</parameter></link> parameter is set to <constant>yes</constant>. This
+ sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password
+ in the smbpasswd file is being changed, without access to the old
+ password cleartext. This means that root must be able to reset the user's password
+ without knowing the text of the previous password. In the presence of NIS/YP,
+ this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be
+ executed on the NIS master.
+ </para>
+
+
+ <para>The string can contain the macro <parameter moreinfo="none">%n</parameter> which is substituted
+ for the new password. The chat sequence can also contain the standard
+ macros <constant>\\n</constant>, <constant>\\r</constant>, <constant>
+ \\t</constant> and <constant>\\s</constant> to give line-feed,
+ carriage-return, tab and space. The chat sequence string can also contain
+ a '*' which matches any sequence of characters.
+ Double quotes can be used to collect strings with spaces
+ in them into a single string.</para>
+
+ <para>If the send string in any part of the chat sequence
+ is a full stop &quot;.&quot;, then no string is sent. Similarly,
+ if the expect string is a full stop then no string is expected.</para>
+
+ <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam
+ password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs
+ may be matched in any order, and success is determined by the PAM result,
+ not any particular output. The \n macro is ignored for PAM conversions.
+ </para>
+
+ <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix password
+ sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">
+ passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG">
+ <parameter moreinfo="none">passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE">
+ <parameter moreinfo="none">pam password change</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">passwd chat = *new*password* %n\\n
+ *new*password* %n\\n *changed*</command></para>
+ <para>Example: <command moreinfo="none">passwd chat = &quot;*Enter OLD password*&quot; %o\\n
+ &quot;*Enter NEW password*&quot; %n\\n &quot;*Reenter NEW password*&quot; %n\\n &quot;*Password
+ changed*&quot;</command></para>
+ </listitem>
+ </samba:parameter>