1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/docs-xml/smbdotconf/security/checkpasswordscript.xml
Garming Sam 878fa6ef7d check-password-script: Allow AD to execute these scripts
In contrast to source3, this is run as root and without substitution.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:14 +02:00

26 lines
1.1 KiB
XML

<samba:parameter name="check password script"
context="G"
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>The name of a program that can be used to check password
complexity. The password is sent to the program's standard input.</para>
<para>The program must return 0 on a good password, or any other value
if the password is bad.
In case the password is considered weak (the program does not return 0) the
user will be notified and the password change will fail.</para>
<para>In Samba AD, this script will be run <emphasis>AS ROOT</emphasis> by
<citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>8</manvolnum>
</citerefentry> without any substitutions.</para>
<para>Note: In the example directory is a sample program called <command moreinfo="none">crackcheck</command>
that uses cracklib to check the password quality.</para>
</description>
<value type="default"><comment>Disabled</comment></value>
<value type="example">/usr/local/sbin/crackcheck</value>
</samba:parameter>