From: Cory Kapser
To: Mike Patterson
Subject: more notes on the se lab public machines
Date: Fri, 8 Oct 2004 13:20:07 -0400 (EDT)
Here is how the password stuff works on the public access machines:
The public machines have a common passwd system (that probably should be changed to LDAP but I don't feel like it). Windows uses the jasper Samba server to authenticate users. So the Windows boxes need to be in the SELAB domain (jasper is the domain controller). Root is the only user that can add machines to the domain...
Now, Samba uses passwd synchronization, so when a Windows user changes his/her password, it is going to change the Linux password as well. That part is the easy part.
On the Linux side things are a bit sillier. It uses NIS, therefore it wants to use yppasswd to change passwords on the domain controller. This will work, but Samba will no longer be in sync. In theory there should be a server-side setting that will tell NIS to change the password in Samba too, but I am not sure what it is, so I did the easy thing: I added a script to the Linux boxes called remote-passwd and it is as follows:
[root@tremblant cjkapser]# cat /usr/bin/remote-passwd
#!/bin/bash
smbpasswd -r jasper.uwaterloo.ca $1
So, even if you are root, you can just type remote-passwd
and it will change the user's passwd on jasper, provided you know the user's old password.
I have made a symbolic link of this script to passwd and yppasswd so no one should be able to know the difference, but sometimes updates overwrite the passwd link. Not sure how to fix that...
-- MikePatterson - 12 Oct 2004
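
An added example, not part of the original note: one way to catch the case where an update overwrites the passwd link is a periodic drift check that confirms each link still resolves to the wrapper. Only /usr/bin/remote-passwd comes from the note; the function names, the REPAIR switch, the .pkg-orig suffix and the link paths in the usage comment are assumptions.

```shell
#!/bin/bash
# Added example: detect (and optionally repair) drift of the passwd/yppasswd
# symlinks. The link paths are passed in because the note does not give them.

# check_link WRAPPER LINK
# Returns 0 if LINK is a symlink that resolves to WRAPPER, 1 if it has
# drifted (missing, replaced by a regular file, or pointing elsewhere).
check_link() {
    local wrapper="$1" link="$2"
    [ -L "$link" ] || return 1
    [ "$(readlink -f -- "$link")" = "$(readlink -f -- "$wrapper")" ]
}

# audit_links WRAPPER LINK...
# Prints one status line per link and returns the number of drifted links.
# With REPAIR=1 a drifted link is recreated; a regular file that an update
# dropped in its place is kept as LINK.pkg-orig rather than deleted.
audit_links() {
    local wrapper="$1" drifted=0 link
    shift
    for link in "$@"; do
        if check_link "$wrapper" "$link"; then
            echo "ok      $link"
            continue
        fi
        drifted=$((drifted + 1))
        echo "DRIFTED $link"
        if [ "${REPAIR:-0}" = 1 ]; then
            if [ -e "$link" ] && [ ! -L "$link" ]; then
                mv -f -- "$link" "$link.pkg-orig"
            fi
            if ln -sfn -- "$wrapper" "$link"; then
                echo "fixed   $link"
            fi
        fi
    done
    return "$drifted"
}

# Typical use from cron on each Linux box (link paths are assumptions):
#   REPAIR=1 audit_links /usr/bin/remote-passwd /usr/bin/passwd /usr/bin/yppasswd
```

Run without REPAIR first: a non-zero exit status then only reports drift, which also shows when a package update last replaced the link.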