[Date Prev][Date Next]
Re: Samba, email, LDAP and password integration and management
You won't be able to use the same password-attributes for Windows and
other systems. Samba stores its data in two attributes (lmPassword and
ntPassword or similar). These are hashes of the user-password which
aren't compatible with - let's say - crypt or MD5 which are used by a
lot of Unix-flavors.
The only way is to store these passwords in different attributes and
synchronize them. Samba supports calling a script on password change
(see man smb.conf, search for "passwd program" and "passwd chat").
Linux can synchronize the windows-passwords via PAM. The
password-change script which would be called by Samba could check the
quality of the password.
We use a meta-directory infrastructure to support this; a separate
server sitting in front of the "master" which modifies some of the
operations passing through it, such as changes to userPassword.
Various hashes, renamings, etc can be generated in this fashion.
Note that if all you want to do is rename things, back-meta is a better
solution. It can't help you with password hashing, but it's much
Our prototype uses a modified back-perl, which we have not yet
submitted for inclusion in cvs HEAD. (Well it's submitted for
discussion, but that's all so far...)
If you have a single point where you can force your users to change
their password, such as a single website under your direct control, it
would probably be easiest to modify your password change cgi to update
all the various password attributes.