[SUMMARY] Samba - replacing passwd command? from Paul Reilly on 2001-08-03 (tru64-unix-managers)

From: Paul Reilly <pareilly_at_tcd.ie>
Date: Fri, 03 Aug 2001 12:01:12 +0100 (IST)

Thanks to all who replied to my question about the wisdom of replacing the
passwd command with one of my own making. The concensus is this should
not cause a problem, as long as the new program behaves exactly as the
old one.

I've taken Jim Fitzmaurice's advice and I'm exploring using Expect to
handle this. It appears to be working great so far.

Here are the replies I received:

----------------------------------------------------------------------------
----------------------------------------------------------------------------

Paul Reilly (pareilly_at_tcd.ie) writes:
> Has anyone got a good way of keeping the Samba password file in sync with
> the UNIX password file ? I need to get the users to run smbclient at the
> same time as passwd, but of course they are not going to do this. I was thinking of
> replacing the /usr/bin/passwd command with a wrapper that calls both
> programs? This would work, but I think it may cause other problems if
> /usr/bin/passwd isn't the real passwd program (for instance does sysman
> use this command, or does it access the library functions directly?)

We've long since replaced `passwd' with our own script, both for
the Samba stuff and to enforce password quality. (We also
need to re-replace it every time the OS is upgraded...) I rename
it to /usr/bin/passwd.orig just in case it's needed. No ill effects
here.

-- 
-- Paul A. Sand                 | The ignorant and wise alike rejoice,
-- University of New Hampshire  | secure in their ignorance and wisdom.
-- pas_at_unh.edu                  |     (G*rd*n Fitch, rec.arts.books)
-- http://pubpages.unh.edu/~pas |
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
From: Jim Fitzmaurice <jpfitz_at_fnal.gov>
Subject: Re: Samba - replacing passwd command?
Paul,
    One word, "expect".
    The wrapper idea is great but users will balk at having to enter a
password 4 times. With "expect" you can write a wrapper that asks them for a
password, then asks them to verify it. Then it takes off and runs the
interactive commands inserting the password selected by the user. In fact
when you download and install "expect" (You'll need Tcl/Tk as well.) it has
an example of a script that does almost that exact thing. Of course the
example script logs into various machines and changes the password, but it
wouldn't take much modification to get it to do what you want. You can get
"expect" it's free, (as is Tcl/Tk) from the NIST web site. Just go to
http://expect.nist.gov/ and you'll find all the info you need.
Jim Fitzmaurice
jpfitz_at_fnal.gov
UNIX is very user friendly, It's just very particular about who it makes
friends with.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
From: Arnie Miles <miles_at_hood.edu>
You could probably create an Expect script that handled both duties at
once, and have your users use that to change their passwords.
Here at the College, we don't actually have any users who log directly
onto the box, so I've just made my UNIX machines members of the NT
Domain and use the NT password for everything.
Arnie Miles
Manager, End User Computing
Unix Systems Administrator
Hood College
401 Rosemont Avenue
Frederick, MD 21701
301.696.3929
----------------------------------------------------------------------------
----------------------------------------------------------------------------
From: Uwe Richter <ur_at_minet.uni-jena.de>
Subject: Re: Samba - replacing passwd command?
Hello Paul,
on our systems we do this with a shell script on unix that does
smbpasswd to samba-server-passowr-chat-file) and to a NT-Server
to get the passwords synced. We have C2 security and have to
sync the old passwd passwords, too.
If you want, i can send you the scripts.
Best regards
Uwe
Jena University, Faculty of Mathematics & Computer Science
Ernst-Abbe-Platz 1-4, Room#1219, D-07740 Jena, Germany
eMail: ur_at_inf.uni-jena.de   Tel. : +49.3641.9.46044
------------------------------------------------------------------
------------------------------------------------------------------

Received on Fri Aug 03 2001 - 11:02:50 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:42 NZDT