Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Samba Reset password

by mkirank (Chaplain)
on Apr 12, 2003 at 09:44 UTC ( #250040=perlquestion: print w/ replies, xml ) Need Help??
mkirank has asked for the wisdom of the Perl Monks concerning the following question:

Hi, We use Samba (without pam)in our office and needed to do the following things 1.have users change their password once in 30 days
2.when a user wants to log in .. after 3 times of username/password mismatch the password should be reset
.. it has been quiet some time since i wrote programs in C ..i looked at the code (in C ) and could not figure out much so what i thought was when i enter a wrong password a entry is generated in the log file ,i search for that entry in the c files and in the next line i will do a system ("/use/bin/perl username pass") ..this will store the username and password and a counter in a database and when the counter reaches 5 i can reset the samba password ... can the wise monks tell me if this is a good solution and are there any perl modules through which i can reset the samba password ..also how can i force a user to change his password once in 30 days there any other way of acheiving this ??

Comment on Samba Reset password
Re: Samba Reset password
by tachyon (Chancellor) on Apr 12, 2003 at 10:00 UTC

    If you force users to change passwords every 30 days and don't let them reuse you will typically either end up with very weak passwords or people writing their passwords down, and often sticking them on their monitors! Most average users possibly can not remember 'decent' passwords and given a choice typically don't use them. This is exacerbated+++ if they are expected to change them every 30 days. Also if you let users select passwords you will likely end up with a PWD DB full of strings like '123456' 'QWERTY' 'god' 'opensesame' etc. I have used 123456, 234567, 345678, 456789 etc on systems where 1) I did not care much about the system security (probably covers a majority of users) and 2) some genius thought that forcing a change of passwords every 30 days was more secure than a single decent password in the first place.

    I don't quite understand how you want the reset to work. I hit 5 wrong passwords and then it resets the password? Doesn't that mean that there is effectively *no password*. If I know a username I just enter 5 wrong passwords, get a reset, and then I'm in.....

    The most effective protection against brute forcing passwords is simply to put a 2-5 second delay before retries. Not long enough to annoy the users but long enough to stop automated brute forcing. No lockouts are needed (which are a pain as someone - ie you - has to do the resets)

    Oh and as to your question. It sounds as though your samba authentication is working against the Samba passwd file in /etc/smbpasswd. This is a typical *nix passwd file and can be modified using passwd(1) so man it ( you are interested in the -n -x -i and -w options )




Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://250040]
Approved by tachyon
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (14)
As of 2014-07-31 19:36 GMT
Find Nodes?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:

    Results (252 votes), past polls