1 files changed, 26 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/security/unixpasswordsync.xml b/docs-xml/smbdotconf/security/unixpasswordsync.xml
new file mode 100644
index 0000000..89b0158
--- /dev/null
+++ b/docs-xml/smbdotconf/security/unixpasswordsync.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="unix password sync"
+                 context="G"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>This boolean parameter controls whether Samba 
+    attempts to synchronize the UNIX password with the SMB password 
+    when the encrypted SMB password in the smbpasswd file is changed. 
+    If this is set to <constant>yes</constant> the program specified in the <parameter moreinfo="none">passwd
+    program</parameter> parameter is called <emphasis>AS ROOT</emphasis> -
+    to allow the new UNIX password to be set without access to the 
+    old UNIX password (as the SMB password change code has no
+    access to the old password cleartext, only the new).</para>
+
+    <para>This option has no effect if <command moreinfo="none">samba</command>
+    is running as an active directory domain controller, in that case have a
+    look at the <smbconfoption name="password hash gpg key ids"/> option and the
+    <command moreinfo="none">samba-tool user syncpasswords</command> command.</para>
+</description>
+
+<related>passwd program</related>
+<related>passwd chat</related>
+<related>password hash gpg key ids</related>
+
+<value type="default">no</value>
+</samba:parameter>