[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

root honoring user password strength and history policies

I have been looking at implementing a Samba 2.2.X PDC
in a production environment. However, it is not
capable of supporting supporting some 'best practices'
password/security policies... primarily password
strength  and password history.

The reason for this is that Samba calls passwd as
root, and root is exempt from conditions set by
pam_unix. I have modified the 0.76 versions of
pam_unix_passwd.c and pam_cracklib.c to force root to
honor password history and strength... with certain
ass/u/m/ptions. Those ass/u/m/ptions are that shadow
passwords are enabled and that MD5 encryption is
enabled. (The changes should work against passwords in
/etc/password, but I haven't tested that.) So far, the
code seems to be working as intended.

If anyone is interested, I'd like to have others try
out the changes. If anyone would like to take what
I've done and make it a configurable option, that'd be
great, too. 

I would also like to engage a debate about what the
proper behavior of root should be when changing a
user's password. Because root is exempted from the
rules set for users by pam_unix, samba, and other
packages that call passwd as root, a simple (in this
example samba) implementation can effectively render a
password policy useless, as it can  happily allow
users to create easy to break passwords and does not
honor a password history policy. I firmly believe that
root should not be allowed to bypass the rules set for
the users when root must maintain a user's password
for whatever reason. This may fly in the face of what
root has been able to historically, but the root user
should not be allowed to be used as a tool by lazy
users to bypass an organization's security policy. 

I have only been looking at this from the point of
view of implementing a samba PDC in a production
environment, so my vision on this issue limited to
that point of view. If I've made some bad assumptions
of my own with the modifications, or there is
something else that addresses root honoring password
strength and history that I've missed, I'd like to
know. One could argue that Samba should not be calling
passwd as root, which I can agree with... but it
really doesn't address root honoring the password
rules set forth for the users. Modifying pam_unix
seems to make more sense to me because I see this as
something larger than a samba issue.

Do You Yahoo!?
HotJobs - Search Thousands of New Jobs

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []