diff options
Diffstat (limited to 'docs-xml/smbdotconf/security/checkpasswordscript.xml')
| -rw-r--r-- | docs-xml/smbdotconf/security/checkpasswordscript.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/checkpasswordscript.xml b/docs-xml/smbdotconf/security/checkpasswordscript.xml new file mode 100644 index 0000000..18aa2c6 --- /dev/null +++ b/docs-xml/smbdotconf/security/checkpasswordscript.xml @@ -0,0 +1,43 @@ +<samba:parameter name="check password script" + context="G" + type="string" + substitution="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>The name of a program that can be used to check password + complexity. The password is sent to the program's standard input.</para> + + <para>The program must return 0 on a good password, or any other value + if the password is bad. + In case the password is considered weak (the program does not return 0) the + user will be notified and the password change will fail.</para> + + <para>In Samba AD, this script will be run <emphasis>AS ROOT</emphasis> by + <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>8</manvolnum> + </citerefentry> without any substitutions.</para> + + <para>Note that starting with Samba 4.11 the following environment variables are exported to the script:</para> + + <itemizedlist> + <listitem><para> + SAMBA_CPS_ACCOUNT_NAME is always present and contains the sAMAccountName of user, + the is the same as the %u substitutions in the none AD DC case. + </para></listitem> + + <listitem><para> + SAMBA_CPS_USER_PRINCIPAL_NAME is optional in the AD DC case if the userPrincipalName is present. + </para></listitem> + + <listitem><para> + SAMBA_CPS_FULL_NAME is optional if the displayName is present. + </para></listitem> + </itemizedlist> + + <para>Note: In the example directory is a sample program called <command moreinfo="none">crackcheck</command> + that uses cracklib to check the password quality.</para> + +</description> + +<value type="default"><comment>Disabled</comment></value> +<value type="example">/usr/local/sbin/crackcheck</value> +</samba:parameter> |