[Samba] Combining "--complexity=off" and "check password script"
- Date: Thu, 14 Dec 2017 11:13:04 +0000
- From: Brian Candler via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Combining "--complexity=off" and "check password script"
I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks.
That is: if I configurecheck password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict
is this called *in addition* to the default complexity checking, or instead of it? And if I set
samba-tool domain passwordsettings set --complexity=offwith a check password script configured, does this setting disable the check password script as well, or just the built-in complexity checking?
What I am actually trying to achieve is: - DISABLE the requirement for complex character sets in passwords, but - ENABLE a dictionary checkfollowing the NCSC password guidance: https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach
But looking at the samba4 source, I suspect that setting complexity=off disables both checks. Is that correct?
Thanks, Brian. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
- Follow-Ups:
- Re: [Samba] Combining "--complexity=off" and "check password script"
- From: Marco Gaiarin via samba
- Re: [Samba] Combining "--complexity=off" and "check password script"
- Prev by Date: Re: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.
- Next by Date: Re: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.
- Previous by thread: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.
- Next by thread: Re: [Samba] Combining "--complexity=off" and "check password script"
- Index(es):