[plug] Password syncing, comments/suggestions?

[Ben Jensz]

Hey all,

I was wondering whether anyone was willing to offer some advice,
suggestions or make comments on the following.

I've got two Linux boxes at work that both have services on them that
users login to.

One of them is the mail server and they all login via POP3 with their
individual users to download email.  The other box has Samba setup as a
PDC using encrypted passwords (Win XP Pro clients).  Both boxen are
running Red Hat 7.2 (no I haven't been entrapped by the dark art that is
Debian just yet :P).  Now I read somewhere in my travels that it was
possible to setup the machine using PAM to check user and password info
from the smbpasswd encrypted passwords file for the Linux system
generally (not just for SMB, but for access to other services on this
box).  Now password changing of the encrypted password in the smbpasswd
file from the Windows clients is working fine, so they can all change
their passwords for domain logons themselves without any divine
intervention (me :P)

Now I was looking for comments on doing that first off... whether it'll
even work, or how well it will work and any security issues that may
arise out of doing it like that.

Secondly, if the above will work properly, would it then be possible to
get the first box with the POP3 access on it to sync passwords with the
box that is running Samba somehow, or to even possibly read its user
info directly from the Samba box?

Basically I'm looking at it from two points, one being able to maintain
one set of users with identical passwords across both boxen, and
secondly, the users themselves being able to change their passwords (for
both machines) without me having to attend to them individually.

TIA to all that reply :).


/ Ben