java UI wrapper for 'smbpasswd' - change remote ADS password on Mac OS X

Chris Friedt Chfriedt-0jnyayh6ARPqzrOJbVgLALDks+cytr/Z at public.gmane.org
Thu Nov 24 18:04:53 UTC 2005


Recently at Ryerson we've had a lot of Mac users who wish to use our
Microsoft Active Directory Servers (ADS) for sharing files within their
departments. The 'smbutil' binary on the Mac OS X is good for mounting
ADS shares, but it doesn't actually allow end-users to change their
network passwords. 

I've been using Samba for a long time, and am quite familiar with it.
So what I did was 

1) statically compile the 'smbpasswd' binary for the powerpc-*-*
platform 
2) write a Java app that exec()'s "smbpasswd -U <user> -r <ADS
Server>"
3) created another thread with a form that simply pipes stdin / stderr
to that process
3) freely distribute the source / binary / GPL for smbpasswd, and my
SmbPass.jar file - it even has a nice little .dmg / installer ;-) 

Now all of the Mac users at Ryerson are able to change their passwords
on remote ADS machines with a pretty UI. 

I GUESS the Mac users could run the actual smbpasswd binary that I ship
them - or even compile it themselves, or use fink, etc  - but then do
most Mac users even know what the Terminal is ? 

The funny thing about all of this is that Ryerson probably would have
spent $1,500 on license fees / software to buy some commercial app for
this extremely simple task.

The only reason why I thought I'd post this is because I did all the
development / testing on a Linux box - so it works as a Java UI wrapper
for smbpasswd on Linux as well :)

With eclipse it literally only took me like 3 days to have it working
completely - and that was doing it for a few minute here, or a few
minutes there in my spare time. 

Aside from the obvious harm that could come if someone were to replace
the smbpasswd binary after it's been installed on that machine, does
anyone know of a good security measure? 

I'm thinking about md5-ing the actual smbpasswd binary that I ship, so
that if it doesn't match the exact hash I could give a warning to the
user and exit.

______________________________
Christopher Friedt
Ryerson University
Computing & Communication Services
(416) 979-5000 x6831
chfriedt-0jnyayh6ARPqzrOJbVgLALDks+cytr/Z at public.gmane.org
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list