On Wed, Jun 14, 2000 at 02:10:09PM +0100, Zak Kipling wrote: > I'm no PAM or SMB expert, but I would imagine (if it hasn't been done) it > would be feasible to make a stacked "password" module to do the reverse, > ie to update the SMB password (including optionally creating the entry in > the smbpasswd file if it doesn't exist) when the "passwd" command is used > to change the unix password.
Yes. That would help a lot. We have a setup, for example, where all account data (including the encrypted password) is stored in a PostgreSQL database. Therefore it is not possible to compare this encrypted password to the encrypted SMB password. And we don't want a duplication of the password field in the database either. > A mechanism would obviously be required to prevent a loop situation when > both options are used simultaneously. If Samba carried out the actual SMB > password update via PAM, then this should allow for the required > flexibiliity, with either one or both off the unix/SMB password setting > modules used by passwd and smbd as desired. This would hopefully eliminate > the need for the "password sync" option with its dependence on the precise > prompt string produced by the "passwd" command. This loop protection is not really necessary since every program/daemon can be configured separately. - Sebastian
