Nothing found at all on the Net: I'm looking up for an automatical synchonization of linux to samba (NOT Samba to Linux) passwords. I wrote a cgi web form that changes this password directly in the shadow file, using a crypted password (for security reasons I do not want to allow the passwords being stored in cleartext in the logfiles). Not using LDAP. All would be fine if the user logs in for a first time using ssh, but I have users that only use windows, so I cannot ask i.ex. a secretary to do that.
Basically, what I yet did is this: vi /etc/pam.d/common-password
password required pam_smbpass.so nullok use_authtok use_first_pass
- I also tried changepassword-0.9, but there is a bug that has never been solved by its programmer.
- Swat is not a solution to me.
I yet found the following sites, but still struggeling around...
-http://uranus.chrysocome.net/linux/smbfs/pam_smbpass.html
here some code of my perl cgi script:
# Crypt the password here so that it cannot be read in any logflie
my $cryptedShadowString = `echo "$new_passwd1"|openssl passwd -1 -stdin`;
chomp($cryptedShadowString);
(...)
open($result, '-|') || exec $SUDO, $EXECUTINGSCRIPT, $login, $old_passwd, $cryptedShadowString, $cryptedShadowString;
This will send the encrypted password to another perl script that writes it directly into the shadow file. (All the stuff is shibboleth protected, so I don't care about hackers coming from around the world).
I tried something like that in the execution script, but unfortunately it is not the solution:
# Do a first login to chat the new password to the samba password file:
sleep 2; # sleep a bit, for the next command:
system(" ( echo '') | exec '/bin/su' $login");
Someone can help me? Thx.
This is actually what a domain is for. Use either AD domain, either samba as DC, or just a LDAP as the password backend. Currently you are reinventing the wheel, and this wheel is in the form of a triangle.
Furthermore, you are trying to get the help in polishing what you think is a solution for a probably common task, while not mentioning what task is that. I bet it is standard unless you are doing some advanced research (but I'm sorry, your post clearly doesn't make that impression).