blob: 22235322c8d911f0ebdc707f93d6b6fc80eb4fcc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
<samba:parameter name="passwd program"
context="G"
advanced="1" developer="1"
xmlns:samba="http://samba.org/common">
<listitem>
<para>The name of a program that can be used to set
UNIX user passwords. Any occurrences of <parameter moreinfo="none">%u</parameter>
will be replaced with the user name. The user name is checked for
existence before calling the password changing program.</para>
<para>Also note that many passwd programs insist in <emphasis>reasonable
</emphasis> passwords, such as a minimum length, or the inclusion
of mixed case chars and digits. This can pose a problem as some clients
(such as Windows for Workgroups) uppercase the password before sending
it.</para>
<para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix
password sync</parameter> parameter is set to <constant>yes
</constant> then this program is called <emphasis>AS ROOT</emphasis>
before the SMB password in the <ulink url="smbpasswd.5.html"><citerefentry>
<refentrytitle>smbpasswd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</ulink> file is changed. If this UNIX password change fails, then
<command moreinfo="none">smbd</command> will fail to change the SMB password also
(this is by design).</para>
<para>If the <parameter moreinfo="none">unix password sync</parameter> parameter
is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis>
for <emphasis>ALL</emphasis> programs called, and must be examined
for security implications. Note that by default <parameter moreinfo="none">unix
password sync</parameter> is set to <constant>no</constant>.</para>
<para>Not that this program is only invoked when a password change is
done via the smbd program, not when smbpasswd is used locally as root to
change a password. This means that you cannot run "smbpasswd USERNAME" as
root on the SMB server in order to test this parameter, but should run the
command "smbpasswd -r SMBMACHINE" as a non-root user instead if you want
to test the invocation of this program.</para>
<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix
password sync</parameter></link>.</para>
<para>Default: <command moreinfo="none">passwd program = /bin/passwd</command></para>
<para>Example: <command moreinfo="none">passwd program = /sbin/npasswd %u</command></para>
</listitem>
</samba:parameter>
|