The Samba-Bugzilla – Bug 3356
No way to set LDAP bind passwd without having it visible on the command line
Last modified: 2006-01-11 05:09:02 UTC
To set the LDAP bind passwd for samba (in secrets.tdb) you must use "smbpasswd
It would be nice if smbpasswd would prompt for the password if it wasn't
supplied on the command line
Rationale is that for the brief time that smbpasswd is running, the password is
visible to everyone via /prov/$pid/cmdline, which isn't ideal.
This is a security issue. The smbpasswd program should support reading the
admin password from a prompt, and also support the -s option (read from stdin.)
Created attachment 1663 [details]
add -W option to smbpasswd for interacive or -s enhanced entry of LDAP rootdn passwd
The smbpasswd command uses -w (like the ldap* commands) for specifying the rootdn password. Since this requires an argument, I propose introducing -W with no arg to allow for interactive input or stdin (-s) to address the security concerns raised here.
Applied with 12840, thanks.