On Wed, 31 Jul 2002, Michael Doerner wrote:
> > 1. Do you mean the whole line or the parameter change that greg proposed? > > I understood and tested it the way that I replaced the whole "passwd > chat" line with the "pam password change" (in SME 5.5), therefore there > was NO setting for "passwd chat" at that time. That was what I intended. > Reading now through the current smb.conf documentation, I understand it > that "pam password chat" works in combination with a "passwd chat" > parameter therefore the default "passwd chat" > (smb.conf docu.: "Default: passwd chat = *new*password* %n\n > *new*password* %n\n *changed*") must have worked well in my test. My understanding is that it doesn't work in combination with the "passwd chat" parameter. The "passwd chat" parameter becomes irrelevant (and unnecessary), since samba no longer uses the passwd program to change system passwords, but interfaces directly to the pam library which actually makes the change to /etc/shadow. You might be interested to know that the SME manager code also changes system passwords by interfacing directly to the PAM library. > > 2. Is this valid for 5.1.2? > > > > smb.conf docu.: > "pam password change (G) > > With the addition of better PAM support in Samba 2.2, this parameter, it > is possible to use PAM's password change control flag for Samba. If > enabled, then PAM will be used for password changes when requested by an > SMB client instead of the program listed in passwd program. It should be > possible to enable this without changing your passwd chat parameter for > most setups. " > > I would suspect that it should then also work with SME 5.1.2 since that > came with Samba 2.2.x Yes, it should work for 5.1.2, but the motivation for making the change is not there in 5.1.2, i.e. the "passwd chat" configuration correctly matches the behaviour of the passwd program, so it all works smoothly. The motivation for adding "pam password change" is that it will 1) fix a bug in 5.5 and 2) prevent the same bug from occurring again if the passwd program changes again. -- Charlie Brady [EMAIL PROTECTED] Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 592 5660 or 592 2122 Fax: +1 (613) 592 1175 -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
