Kimmo Akkanen wrote:>
> >>In the smbpasswd file, can someone tell me what the last field in
each
> >>line means? This is the field that begins with "LCT-".
I'm trying to
> >>generate each line from the smb crypt perl module and I need to
know what
> >>to put there.
>
> > LCT == Last Change Time. It's the time in seconds since 1970 when
> > the password was last changed.
> > Jeremy.
>
> Correct me if I'm wrong, but this seems to give an easy
> way to implement "password expiry" or such parameter to
> Samba? Couldn't Samba just check this "LCT" from smbpassword
> and notify the user if it's more than what's given at smb.conf?
>
> This could perhaps be done manually now, but would be
> a nifty feature to have straight from smb.conf.
>
> Btw, Samba 2.2.2 is an excellent product - stable as a rock! =)
> Thanks!
There are two ways this can be done at the moment:
In HEAD, passwords expire every 21 days, unless the 'this account does
not expire' option is set (which is the default). By the time HEAD
becomes 3.0 there should be a sane way this can be controlled from
smb.conf.
In Samba 2.2 you can use PAM (compile --with-pam) for this. Keep your
PAM and Samba passwords in sync with the 'unix password sync' and
'pam
password change' options, and then you can enable 'obey pam
restrictions' to get password expiry - in the same way you get it for
SSH logins, for example.
Andrew Bartlett
--
Andrew Bartlett abartlet@pcug.org.au
Samba Team member, Build Farm maintainer abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net