summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/passwdprogram.xml
blob: 4158c1b7a6acfc9c9f62bfaa27ff75e23b36efc8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<samba:parameter name="passwd program"
                 context="G"
				 type="string"
                 advanced="1" developer="1"
		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
    <para>The name of a program that can be used to set 
    UNIX user passwords.  Any occurrences of <parameter moreinfo="none">%u</parameter> 
    will be replaced with the user name. The user name is checked for 
    existence before calling the password changing program.</para>

    <para>Also note that many passwd programs insist in <emphasis>reasonable
    </emphasis> passwords, such as a minimum length, or the inclusion 
    of mixed case chars and digits. This can pose a problem as some clients 
    (such as Windows for Workgroups) uppercase the password before sending 
    it.</para>

    <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix 
    password sync</parameter> parameter is set to <constant>yes
    </constant> then this program is called <emphasis>AS ROOT</emphasis> 
    before the SMB password in the smbpasswd
    file is changed. If this UNIX password change fails, then 
    <command moreinfo="none">smbd</command> will fail to change the SMB password also 
    (this is by design).</para>

    <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter 
    is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> 
    for <emphasis>ALL</emphasis> programs called, and must be examined 
    for security implications. Note that by default <parameter moreinfo="none">unix 
    password sync</parameter> is set to <constant>no</constant>.</para>
	</description>

	<related>unix password symc</related>

	<value type="default"></value>
<value type="example">/bin/passwd %u</value>
</samba:parameter>