Yes.. cracklib support in Samba would be fantastic. In the meantime I've settled on doing weak password auditting on a weekly basis using John the Ripper, then having a lil' word with silly users.. :)
-- Cybr0t McWhulf On Thu, 2 Oct 2003, Adam Williams wrote: > > Before I begin, big thanks to John Terpstra for helping me out with my > > previous issues. > > But alas I have another issue, I need to enforce strong passwords on > > windows side (i.e. ctrl+alt+delete change password), minimum password > > length, can't be dictionary words, etc. etc. > > You can specify minimum password length, but not much beyond that. > There is a section of the Samba code that says "insert cracklib support > here". I'd image that is what we all want to see happen. > > > (Setup is Samba 3.0.0 as PDC with LDAP passdb) > > Same here. > > > >From what I undersatnd previously this could've been done using > > pam_smbpass or a policy pushed out from netlogon, but I'm dealing with a > > mixed environment of 2k/XP, and I read that nt4 policies don't work with > > XP. And it would appear that when using ldap password sync it bypasses > > pam(?). > > Yes, it does. > > > Also I've seen alot about Group Policy Editor, but it seems that's only > > useful if you're using AD. > > Is this perhaps the direction pdbedit is going towards? it would be quite > > nifty to have a single command to edit (or generate) domain policies. It > > seemed to work with altering the minimum password length, but it only goes so > > far. > > I think cracklib support in Samba is what we want. > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
