I have been looking at implementing a Samba 2.2.X PDC in a production environment. However, it is not capable of supporting some 'best practices' password/security policies... primarily password strength and password history. The reason for this is that Samba calls passwd as root, and root is exempt from conditions set by pam_unix.

I have modified the 0.76 versions of pam_unix_passwd.c and pam_cracklib.c to force root to honor password history and strength... with certain ass/u/m/ptions. Those ass/u/m/ptions are that shadow passwords are enabled and that MD5 encryption is enabled. (The changes should work against passwords in /etc/password, but I haven't tested that.) So far, the code seems to be working as intended. If anyone is interested, I'd like to have others try out the changes. If anyone would like to take what I've done and make it a configurable option, that'd be great, too.

I would also like to engage in a debate about what the proper behavior of root should be when changing a user's password. Because root is exempted from the rules set for users by pam_unix, samba and other packages that call passwd as root, a simple (in this example samba) implementation can effectively render a password policy useless, as it can happily allow users to create easy-to-break passwords and does not honor a password history policy. I firmly believe that root should not be allowed to bypass the rules set for the users when root must maintain a user's password for whatever reason. This may fly in the face of what root has been able to do historically, but the root user should not be allowed to be used as a tool by lazy users to bypass an organization's security policy. I have only been looking at this from the point of view of implementing a samba PDC in a production environment, so my vision on this issue is limited to that point of view.
If I've made some bad assumptions of my own with the modifications, or there is something else that addresses root honoring password strength and history that I've missed, I'd like to know. One could argue that Samba should not be calling passwd as root, which I can agree with... but it really doesn't address root honoring the password rules set forth for the users. Modifying pam_unix seems to make more sense to me because I see this as something larger than a samba issue.
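The configurable option the post asks for exists in later PAM modules: pam_cracklib, pam_pwquality and pam_pwhistory all accept an `enforce_for_root` argument that makes the check fail for root too (it is not present in the 0.76 sources the post modifies). The following is an added example, not code from the original post or from the PAM or Samba projects: a small Python audit that parses a PAM `password` stack and reports which policy elements root (and therefore anything that runs passwd as root, such as the Samba PDC) can bypass. Both stacks are constructed samples, and the script assumes strength is enforced by pam_cracklib.so or pam_pwquality.so and history by pam_pwhistory.so; it does not assess pam_unix's own `remember=` option.

```python
"""Audit a PAM 'password' stack for checks that root can bypass.

Added example (not code from the original post). Assumptions: strength is
enforced by pam_cracklib.so or pam_pwquality.so, history by pam_pwhistory.so,
and each of these modules honours the 'enforce_for_root' argument; the two
stacks below are constructed samples, not a real system's configuration.
"""
import os
from typing import Dict, List

STRENGTH_MODULES = {"pam_cracklib.so", "pam_pwquality.so"}
HISTORY_MODULES = {"pam_pwhistory.so"}

# Constructed sample: a common stack in which root (and so anything that runs
# passwd as root) skips both the strength and the history check.
WEAK_STACK = """\
# /etc/pam.d/passwd (constructed example)
password  requisite  pam_cracklib.so retry=3 minlen=12 difok=3
password  required   pam_pwhistory.so remember=5 use_authtok
password  [success=1 default=ignore] pam_unix.so sha512 shadow use_authtok
password  required   pam_deny.so
"""

# Constructed sample: the same stack with enforce_for_root on both modules.
FIXED_STACK = WEAK_STACK.replace(
    "difok=3", "difok=3 enforce_for_root"
).replace("remember=5 use_authtok", "remember=5 use_authtok enforce_for_root")


def parse_stack(text: str) -> List[Dict[str, object]]:
    """Return the 'password' lines as dicts with control, module and args."""
    entries: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] != "password" or len(fields) < 3:
            continue
        idx = 1
        # The control field may be the bracketed form "[success=1 default=ignore]".
        if fields[1].startswith("["):
            while idx < len(fields) and not fields[idx].endswith("]"):
                idx += 1
        control = " ".join(fields[1:idx + 1])
        rest = fields[idx + 1:]
        if not rest:
            continue
        module = os.path.basename(rest[0])  # tolerate full module paths
        entries.append({"control": control, "module": module, "args": rest[1:]})
    return entries


def audit(text: str) -> Dict[str, Dict[str, object]]:
    """Map 'strength'/'history' to the module found and whether root is bound."""
    findings: Dict[str, Dict[str, object]] = {}
    for entry in parse_stack(text):
        module = entry["module"]
        if module in STRENGTH_MODULES:
            kind = "strength"
        elif module in HISTORY_MODULES:
            kind = "history"
        else:
            continue
        findings[kind] = {
            "module": module,
            "enforced_for_root": "enforce_for_root" in entry["args"],
        }
    return findings


def root_gaps(text: str) -> List[str]:
    """Policy elements root can bypass: absent, or present but not enforced for root."""
    findings = audit(text)
    gaps = []
    for kind in ("strength", "history"):
        if kind not in findings or not findings[kind]["enforced_for_root"]:
            gaps.append(kind)
    return gaps


if __name__ == "__main__":
    for name, stack in (("weak", WEAK_STACK), ("fixed", FIXED_STACK)):
        print(f"{name} stack: root can bypass {root_gaps(stack) or 'nothing'}")
```

Run against a real system by reading `/etc/pam.d/passwd` (or the stack it includes) into `root_gaps`; an empty list means a root-driven `passwd` call, like Samba's, is held to the same strength and history policy as the user.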