| 1 | <samba:parameter name="passwd chat"
|
|---|
| 2 | context="G"
|
|---|
| 3 | type="string"
|
|---|
| 4 | advanced="1" developer="1"
|
|---|
| 5 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 6 | <description>
|
|---|
| 7 | <para>This string controls the <emphasis>"chat"</emphasis>
|
|---|
| 8 | conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle>
|
|---|
| 9 | <manvolnum>8</manvolnum></citerefentry> and the local password changing
|
|---|
| 10 | program to change the user's password. The string describes a
|
|---|
| 11 | sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle>
|
|---|
| 12 | <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the
|
|---|
| 13 | <smbconfoption name="passwd program"/> and what to expect back. If the expected output is not
|
|---|
| 14 | received then the password is not changed.</para>
|
|---|
| 15 |
|
|---|
| 16 | <para>This chat sequence is often quite site specific, depending
|
|---|
| 17 | on what local methods are used for password control (such as NIS
|
|---|
| 18 | etc).</para>
|
|---|
| 19 |
|
|---|
| 20 | <para>Note that this parameter only is used if the <smbconfoption
|
|---|
| 21 | name="unix password sync"/> parameter is set to <constant>yes</constant>. This sequence is
|
|---|
| 22 | then called <emphasis>AS ROOT</emphasis> when the SMB password in the
|
|---|
| 23 | smbpasswd file is being changed, without access to the old password
|
|---|
| 24 | cleartext. This means that root must be able to reset the user's password without
|
|---|
| 25 | knowing the text of the previous password. In the presence of
|
|---|
| 26 | NIS/YP, this means that the <smbconfoption name="passwd program"/> must
|
|---|
| 27 | be executed on the NIS master.
|
|---|
| 28 | </para>
|
|---|
| 29 |
|
|---|
| 30 | <para>The string can contain the macro <parameter
|
|---|
| 31 | moreinfo="none">%n</parameter> which is substituted
|
|---|
| 32 | for the new password. The old passsword (<parameter
|
|---|
| 33 | moreinfo="none">%o</parameter>) is only available when
|
|---|
| 34 | <smbconfoption name="encrypt passwords"/> has been disabled.
|
|---|
| 35 | The chat sequence can also contain the standard macros
|
|---|
| 36 | \n, \r, \t and \s to give line-feed, carriage-return, tab
|
|---|
| 37 | and space. The chat sequence string can also contain
|
|---|
| 38 | a '*' which matches any sequence of characters. Double quotes can
|
|---|
| 39 | be used to collect strings with spaces in them into a single
|
|---|
| 40 | string.</para>
|
|---|
| 41 |
|
|---|
| 42 | <para>If the send string in any part of the chat sequence is a full
|
|---|
| 43 | stop ".", then no string is sent. Similarly, if the
|
|---|
| 44 | expect string is a full stop then no string is expected.</para>
|
|---|
| 45 |
|
|---|
| 46 | <para>If the <smbconfoption name="pam password change"/> parameter is set to <constant>yes</constant>, the
|
|---|
| 47 | chat pairs may be matched in any order, and success is determined by the PAM result, not any particular
|
|---|
| 48 | output. The \n macro is ignored for PAM conversions.
|
|---|
| 49 | </para>
|
|---|
| 50 |
|
|---|
| 51 | </description>
|
|---|
| 52 |
|
|---|
| 53 | <related>unix password sync</related>
|
|---|
| 54 | <related>passwd program</related>
|
|---|
| 55 | <related>passwd chat debug</related>
|
|---|
| 56 | <related>pam password change</related>
|
|---|
| 57 |
|
|---|
| 58 | <value type="default">*new*password* %n\n*new*password* %n\n *changed*</value>
|
|---|
| 59 | <value type="example">"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</value>
|
|---|
| 60 | </samba:parameter>
|
|---|
