I was setting up my samba installations adding some passwords complexity checks. But, at least for now, i cannot reject simple passwords (my user have to be educated first): i was thinking to a dirfferent approach, like the script return a 'score' for the password and if score are too low, the password duration are shorted. Implementation it is a matter of an c/perl/bash/... exercise, simply my intention was to use 'check password script' to score the password, log it somewhere and return 0, accepting the password, differing by some hour/day a check that parse user and password score, and if score are too low shorten the password duration. The trouble arise from the fact that 'check password script' does not expand %u (username) variable, so there's no way to associate the password score with the user. For more info, in Italian, look at: http://lists.xsec.it/pipermail/samba-it/2007-October/007293.html
Created attachment 4133 [details] Patch to implement Requested Enhancement This patch implements a way to pass username to the password check script
Patch commit to upstream. To use pass %u as a parameter to the check password script