diff options
| author | Gerald W. Carter <jerry@samba.org> | 2008-04-22 10:09:40 -0500 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 11:54:26 -0500 |
| commit | 9a7d6ed29d26a734f8b85dbabf5b1a4f9f6107f8 (patch) | |
| tree | 0df3c32812171d1f11b2574cc85c2a43051bdc6a /docs-xml/smbdotconf/security/passwdprogram.xml | |
| parent | 8a1804eb2e46ed0d53743107f8397badb958da83 (diff) | |
| download | samba-9a7d6ed29d26a734f8b85dbabf5b1a4f9f6107f8.tar.gz | |
Moving docs tree to docs-xml to make room for generated docs in the release tarball.
Diffstat (limited to 'docs-xml/smbdotconf/security/passwdprogram.xml')
| -rw-r--r-- | docs-xml/smbdotconf/security/passwdprogram.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/passwdprogram.xml b/docs-xml/smbdotconf/security/passwdprogram.xml new file mode 100644 index 00000000000..4158c1b7a6a --- /dev/null +++ b/docs-xml/smbdotconf/security/passwdprogram.xml @@ -0,0 +1,37 @@ +<samba:parameter name="passwd program" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + <description> + <para>The name of a program that can be used to set + UNIX user passwords. Any occurrences of <parameter moreinfo="none">%u</parameter> + will be replaced with the user name. The user name is checked for + existence before calling the password changing program.</para> + + <para>Also note that many passwd programs insist in <emphasis>reasonable + </emphasis> passwords, such as a minimum length, or the inclusion + of mixed case chars and digits. This can pose a problem as some clients + (such as Windows for Workgroups) uppercase the password before sending + it.</para> + + <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix + password sync</parameter> parameter is set to <constant>yes + </constant> then this program is called <emphasis>AS ROOT</emphasis> + before the SMB password in the smbpasswd + file is changed. If this UNIX password change fails, then + <command moreinfo="none">smbd</command> will fail to change the SMB password also + (this is by design).</para> + + <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter + is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> + for <emphasis>ALL</emphasis> programs called, and must be examined + for security implications. Note that by default <parameter moreinfo="none">unix + password sync</parameter> is set to <constant>no</constant>.</para> + </description> + + <related>unix password symc</related> + + <value type="default"></value> +<value type="example">/bin/passwd %u</value> +</samba:parameter> |