updateencrypted.xml   [plain text]

<samba:parameter name="update encrypted"
                 context="G"
                 basic="1" advanced="1" developer="1"
		 xmlns:samba="http://samba.org/common">
<listitem>

    <para>This boolean parameter allows a user logging on with
    a plaintext password to have their encrypted (hashed) password in
    the smbpasswd file to be updated automatically as they log
    on. This option allows a site to migrate from plaintext  	
    password authentication (users authenticate with plaintext  	
    password over the wire, and are checked against a UNIX account  	
    database) to encrypted password authentication (the SMB  	
    challenge/response authentication mechanism) without forcing all
    users to re-enter their passwords via smbpasswd at the time the 	
    change is made. This is a convenience option to allow the change
    over to encrypted passwords to be made over a longer period.
    Once all users have encrypted representations of their passwords
    in the smbpasswd file this parameter should be set to
    <constant>no</constant>.</para>

    <para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS">
    <parameter moreinfo="none">encrypt passwords</parameter></link> parameter must 
    be set to <constant>no</constant> when this parameter is set to <constant>yes</constant>.</para>

    <para>Note that even when this parameter is set a user 
    authenticating to <command moreinfo="none">smbd</command> must still enter a valid 
    password in order to connect correctly, and to update their hashed 
    (smbpasswd) passwords.</para>

    <para>Default: <command moreinfo="none">update encrypted = no</command></para>
</listitem>
</samba:parameter>