W2K Domain Login Problem with 2.2.0
Gerald Carter
gcarter at valinux.com
Mon Apr 23 14:06:44 GMT 2001
Jeremy Allison wrote:
>
> Ok - I've been playing with this a bit and I'm coming
> to the conclusion we should compile Linux Samba with
> pam turned *OFF* by default, and let those admins
> who want it recompile with the --with-pam option for
> a PDC.
Yeah!
> Now either we *always* control the pam.d/samba file that is
> used on install, or we skip this whole ugly mess and ship
> with PAM *off* by default, and let those admins who want
> it turn it on....
>
> What concerns me is shipping an rpm on Linux that *works*, out
> of the box for approx. 100% of our users. If adding pam by
> default takes that figure down to 99% then it's *NOT* worth
> the support hassles.
>
> It has to be *bulletproof*. I'm not sure it is right now
> due to the disparity in PAM modules/implementations on Linux
> and Solaris boxes.
>
> Thoughts anyone ?
I 100% agree. Also, we provided no documentation
on the change in semantics, so admins did not know
to expect different behavior. I like PAM in some things,
I'm just a little reserved about it in Samba. (I know
I'll get flamed for that later).
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list