Combining "--complexity=off" and "check password script"

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Combining "--complexity=off" and "check password script"

Samba - General mailing list
I would like to understand how the "check password script" interacts
with enabling/disabling password complexity checks.

That is: if I configure

     check password script = /usr/local/samba/sbin/crackcheck -d
/var/cache/cracklib/cracklib_dict

is this called *in addition* to the default complexity checking, or
instead of it? And if I set

     samba-tool domain passwordsettings set --complexity=off

with a check password script configured, does this setting disable the
check password script as well, or just the built-in complexity checking?

What I am actually trying to achieve is:

- DISABLE the requirement for complex character sets in passwords, but
- ENABLE a dictionary check

following the NCSC password guidance:
https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

But looking at the samba4 source, I suspect that setting complexity=off
disables both checks. Is that correct?

Thanks,

Brian.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Combining "--complexity=off" and "check password script"

Samba - General mailing list
Mandi! Brian Candler via samba
  In chel di` si favelave...

> But looking at the samba4 source, I suspect that setting complexity=off
> disables both checks. Is that correct?

AFAI've tested in my environment, yes.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba