1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
samba-mirror/docs-xml/smbdotconf/security/passwdchat.xml
Michael Adam 4a6a010e78 docs:smbdotconf: remove swat-specific flags.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-05-02 00:56:31 +02:00

60 lines
3.0 KiB
XML

<samba:parameter name="passwd chat"
context="G"
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This string controls the <emphasis>&quot;chat&quot;</emphasis>
conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and the local password changing
program to change the user's password. The string describes a
sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the
<smbconfoption name="passwd program"/> and what to expect back. If the expected output is not
received then the password is not changed.</para>
<para>This chat sequence is often quite site specific, depending
on what local methods are used for password control (such as NIS
etc).</para>
<para>Note that this parameter only is used if the <smbconfoption
name="unix password sync"/> parameter is set to <constant>yes</constant>. This sequence is
then called <emphasis>AS ROOT</emphasis> when the SMB password in the
smbpasswd file is being changed, without access to the old password
cleartext. This means that root must be able to reset the user's password without
knowing the text of the previous password. In the presence of
NIS/YP, this means that the <smbconfoption name="passwd program"/> must
be executed on the NIS master.
</para>
<para>The string can contain the macro <parameter
moreinfo="none">%n</parameter> which is substituted
for the new password. The old passsword (<parameter
moreinfo="none">%o</parameter>) is only available when
<smbconfoption name="encrypt passwords"/> has been disabled.
The chat sequence can also contain the standard macros
\n, \r, \t and \s to give line-feed, carriage-return, tab
and space. The chat sequence string can also contain
a '*' which matches any sequence of characters. Double quotes can
be used to collect strings with spaces in them into a single
string.</para>
<para>If the send string in any part of the chat sequence is a full
stop &quot;.&quot;, then no string is sent. Similarly, if the
expect string is a full stop then no string is expected.</para>
<para>If the <smbconfoption name="pam password change"/> parameter is set to <constant>yes</constant>, the
chat pairs may be matched in any order, and success is determined by the PAM result, not any particular
output. The \n macro is ignored for PAM conversions.
</para>
</description>
<related>unix password sync</related>
<related>passwd program</related>
<related>passwd chat debug</related>
<related>pam password change</related>
<value type="default">*new*password* %n\n *new*password* %n\n *changed*</value>
<value type="example">&quot;*Enter NEW password*&quot; %n\n &quot;*Reenter NEW password*&quot; %n\n &quot;*Password changed*&quot;</value>
</samba:parameter>