I have set the following in [global], for changing kerberos password passwd program = /usr/local/sbin/change-kerberos-password.sh %u passwd chat = "*Password:*" %n\n *Done* change-kerberos-password.sh #!/bin/bash THEUSER=$1 echo -n "Password: " stty -echo read THEPASS stty echo echo TEST_USER_EXISTS=`/usr/kerberos/sbin/kadmin.local -q "getprinc $THEUSER" 2> /dev/null | grep ^Principal | wc -l` if [ $TEST_USER_EXISTS -eq 1 ] ; then /usr/kerberos/sbin/kadmin.local -q "cpw -pw \"$THEPASS1\" $THEUSER" > /dev/null 2>&1 fi echo Done exit 0 The Problem: THEPASS will never get a " when I change the password either I attempt change the password in Windows Ctrl+Alt+Del or using smbpasswd -r Outcome: The Samba will have updated with password but the Kerberos will have the password with " omitted
still valid for 4.8 and master
simple reproducer to show the missing doublequote: passwd program = /usr/local/bin/pwd-dump.pl %u passwd chat = "*Password:*" %n\n *Done* with pwd-dump.pl as simple as this: #!/usr/bin/perl open(OUTFILE, ">", "/tmp/pwdump"); print "Password:"; for (@ARGV) { print OUTFILE "$_\n"; } my $pw = <STDIN>; print OUTFILE "$pw\n"; print "Done"; I don't see where it gets lost though. Jeremy, do you have any idea on this?