Bug 5018 - There's no %u expansion for 'check password script'
Summary: There's no %u expansion for 'check password script'
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Config Files (show other bugs)
Version: 3.0.24
Hardware: All Linux
: P3 enhancement
Target Milestone: none
Assignee: Simo Sorce
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-12 07:02 UTC by Marco Gaiarin
Modified: 2009-05-09 11:16 UTC (History)
0 users

See Also:


Attachments
Patch to implement Requested Enhancement (2.49 KB, patch)
2009-05-09 11:16 UTC, Simo Sorce
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marco Gaiarin 2007-10-12 07:02:48 UTC
I was setting up my samba installations adding some passwords complexity checks.

But, at least for now, i cannot reject simple passwords (my user have to be educated first): i was thinking to a dirfferent approach, like the script return a 'score' for the password and if score are too low, the password duration are shorted.

Implementation it is a matter of an c/perl/bash/... exercise, simply my intention was to use 'check password script' to score the password, log it somewhere and return 0, accepting the password, differing by some hour/day a check that parse user and password score, and if score are too low shorten the password duration.

The trouble arise from the fact that 'check password script' does not expand %u (username) variable, so there's no way to associate the password score with the user.

For more info, in Italian, look at:
   http://lists.xsec.it/pipermail/samba-it/2007-October/007293.html
Comment 1 Simo Sorce 2009-05-09 11:16:05 UTC
Created attachment 4133 [details]
Patch to implement Requested Enhancement

This patch implements a way to pass username to the password check script
Comment 2 Simo Sorce 2009-05-09 11:16:59 UTC
Patch commit to upstream.
To use pass %u as a parameter to the check password script