Next update of VFS modules development guide

[kai/samba.git] / docs / smbdotconf / security / passwdprogram.xml

<samba:parameter name="passwd program"
                 context="G"
                                 type="string"
                 advanced="1" developer="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
    <para>The name of a program that can be used to set 
    UNIX user passwords.  Any occurrences of <parameter moreinfo="none">%u</parameter> 
    will be replaced with the user name. The user name is checked for 
    existence before calling the password changing program.</para>

    <para>Also note that many passwd programs insist in <emphasis>reasonable
    </emphasis> passwords, such as a minimum length, or the inclusion 
    of mixed case chars and digits. This can pose a problem as some clients 
    (such as Windows for Workgroups) uppercase the password before sending 
    it.</para>

    <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix 
    password sync</parameter> parameter is set to <constant>yes
    </constant> then this program is called <emphasis>AS ROOT</emphasis> 
    before the SMB password in the smbpasswd
    file is changed. If this UNIX password change fails, then 
    <command moreinfo="none">smbd</command> will fail to change the SMB password also 
    (this is by design).</para>

    <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter 
    is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> 
    for <emphasis>ALL</emphasis> programs called, and must be examined 
    for security implications. Note that by default <parameter moreinfo="none">unix 
    password sync</parameter> is set to <constant>no</constant>.</para>
        </description>

        <related>unix password symc</related>

        <value type="default"></value>
<value type="example">/bin/passwd %u</value>
</samba:parameter>