
List:       samba
Subject:    SAMBA digest 326
From:       samba () anu ! edu ! au
Date:       1995-01-30 7:10:46

			    SAMBA Digest 326

Topics covered in this issue include:

  1) Password change
	by Jeanette Pauline Middelink <middelin@polyware.iaf.nl>

----------------------------------------------------------------------

Date: Sat, 28 Jan 1995 22:36:32 +0100 (MET)
From: Jeanette Pauline Middelink <middelin@polyware.iaf.nl>
To: samba@cscgpo.anu.edu.au
Subject: Password change
Message-ID: <199501282136.WAA01449@calvin.polyware.iaf.nl>

Hi all,

Just did some checking on the password_change in Samba 1.9.02
and WfW3.11. I discovered that Samba (on Linux with shadow
passwords) does not allow changes.

The problem lies in the fact that it first tries to verify
the old password and tries to fetch it with getspnam(name).
This does not work under non-root-uid (or non-shadow-guid)!
(Samba switched to the uid of the requesting user, remember?)
So, getspnam returns NULL and the password in /etc/passwd will
be used (Yuk! - security alert here!). Since this is a 'x'
or a '*' not much will pass....

Oh, and even when you *do* get past the password_check,
there still is a problem in chgpassword. This function
checks for '*old*password' and Linux's password says:
'Old Password:' :))

    Met vriendelijke groet,
        Pauline Middelink
+------------------------------+-------------------------------------+
| Jeanette Pauline Middelink   | email    : middelin@polyware.iaf.nl |
| Boterkorfhoek 34             | zakelijk : 053-776184               |
| 7546 JA  Enschede, Holland   | prive    : 053-771147               |
+------------------------------+-------------------------------------+

------------------------------

End of SAMBA Digest 326
***********************
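
Added example, not part of the digest and not Samba's own code: the fallback described in the message (getspnam() returns NULL, so the 'x' or '*' from /etc/passwd is used as the stored password) next to a stricter selection that treats a placeholder as "hash unavailable" so the caller can fail closed and log the real cause. All function names here are hypothetical; it assumes a Linux system with <shadow.h>.

```c
#include <pwd.h>
#include <shadow.h>
#include <stddef.h>
#include <string.h>

/* True when the /etc/passwd field is only a marker ("x", "*", or empty)
 * and therefore cannot be compared against a crypt() result. */
static int is_placeholder(const char *field)
{
    return field == NULL || field[0] == '\0' ||
           strcmp(field, "x") == 0 || strcmp(field, "*") == 0;
}

/* Pattern from the report: when the shadow lookup fails, silently fall
 * back to whatever is stored in the passwd entry. */
const char *stored_hash_fallback(const struct passwd *pw, const struct spwd *sp)
{
    return sp != NULL ? sp->sp_pwdp : pw->pw_passwd;
}

/* Stricter selection: a placeholder is never returned as a hash. NULL
 * tells the caller "shadow entry unreadable", which is a different
 * condition from "wrong password" and should be logged as such. */
const char *stored_hash_strict(const struct passwd *pw, const struct spwd *sp)
{
    if (sp != NULL && sp->sp_pwdp != NULL)
        return sp->sp_pwdp;
    if (pw == NULL || is_placeholder(pw->pw_passwd))
        return NULL;
    return pw->pw_passwd;   /* non-shadow system: hash lives in passwd */
}

/* Live lookup. getspnam() returns NULL for callers that cannot read the
 * shadow file, so this has to run before the process gives up the
 * privilege that allows the read. */
const char *lookup_stored_hash(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return NULL;
    return stored_hash_strict(pw, getspnam(user));
}
```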
