Brian Candler
2017-Dec-14 11:13 UTC
[Samba] Combining "--complexity=off" and "check password script"
I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks. That is: if I configure check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict is this called *in addition* to the default complexity checking, or instead of it? And if I set samba-tool domain passwordsettings set --complexity=off with a check password script configured, does this setting disable the check password script as well, or just the built-in complexity checking? What I am actually trying to achieve is: - DISABLE the requirement for complex character sets in passwords, but - ENABLE a dictionary check following the NCSC password guidance: https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach But looking at the samba4 source, I suspect that setting complexity=off disables both checks. Is that correct? Thanks, Brian.
Marco Gaiarin
2017-Dec-14 13:33 UTC
[Samba] Combining "--complexity=off" and "check password script"
Mandi! Brian Candler via samba In chel di` si favelave...> But looking at the samba4 source, I suspect that setting complexity=off > disables both checks. Is that correct?AFAI've tested in my environment, yes. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)