Hi all, Last night I did a "grep -i todo" in the source code, to see if I could contribute a little bit more ;-) I found the following:
smbd/chgpasswd.c: /* TODO: Add cracklib support here */ I started working on this last night (using SAMBA_3_0 branch) and do have something working (the "configure.in", documentation, etc is not done yet). I had to make my own "API" to cracklib to make this work because the original API uses getuid() and getpwuid() to get the username and fullname (gecos). I also found a lot of places in the cracklib code that is really not "full-proof". So... in the search for a better solution: Tonight, I checked the "cracklib" included in "npasswd". (I found a bug, it's also in the original cracklib!!!) There isn't a better "API", still uses getuid()/getpwuid(). If the original cracklib or npasswd's cracklib is a good idea for Samba, I'll contact the maintainer for both products and see if they agree to "update" their code with the new API and also update their download site(s). I have the feeling "cracklib original" is quite dead unless there is a new maintainer (found nothing on sourceforge / freshmeat) and might have better chances with the cracklib included in npasswd. Besides using cracklib for password changing, I thought of the following idea. Once "cracklib" is enable, have an attribute in smb.conf "force password change = yes". Then at logon if the password is found by cracklib, force the user to change their password right away. That's for Samba 3.0.1 ;-) unless I easily find how to do this! If you have other ideas let me know. Do I continue working on this or not? Best regards, Pierre B.