[ale] Password script for NT4 Linux environment

[Dan Newcombe]

On Thu, 9 Nov 2000, Ben Phillips wrote:
> On Thu, 9 Nov 2000, Martin Nichols wrote:
> > I am looking for a pasword script that when a windoze user changes his
> > password it will also change the password in Linux for the password and
> > samba files for that user.
> I assume the user in question is going to be running this as a shell
> command.  In which case, he should just use smbpasswd (you can always rename
> /usr/bin/passwd and replace it with a symlink to smbpasswd if you have to),
> and then enable password synchronization in /etc/smb.conf.

However, that won't do jack if the person changes their NT4 password.  The
smbpasswd will just deal with it if they change their unix password.
Unless it has some way of getting the fact the password changed on the PDC
and getting that password...which I hopefully doubt!

When a user changes their NT password, there is a registry key that tells
it what dll's to look at, and if those dll's export PasswordChangeNotify,
then call that function in that dll.  That function is handed the
username, uid, and new password.  You could then have that function call
your Linux box and hand it the new password.  

Microsoft actually does this with their "Unix services for NT/nt services
for unix" via a daemon that runs on the HP or Solaris box listening for
these changes.

This dll you write can also export a PasswordFilter function, which allows
you to provide your own "is this an okay" password checking.

Of course, there are two hurdles:
	1) development is a bitch cause every recompile requires a reboot
		to replace the dll
	2) convincing the sys admin of the NT box to let you put it on the 
		server.

For more info:
http://support.microsoft.com/support/kb/articles/Q151/0/82.asp?LN=EN-US&SD=gn&FR=0
or just search for PasswordChangeNotify in the Knowldege Base at
microsoft.com.

	-Dan

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.