pam_smbpass
Andrew Bartlett
abartlet at pcug.org.au
Tue May 15 23:44:37 GMT 2001
Brad Langhorst wrote:
>
> > However, when you want ALL authentication modules to say 'YES' before
> > things procede, you need to make them all 'required'. But if you
> > 'require' pam_deny, then they will all fail. So you remove the
> > pam_deny, knowing that the user is 'required' to pass both pam_smbpass
> > and pam_unix in any case.
> >
> > Hope this clears it up,
> very much so!
> The multiple sufficient lines had me all screwed up - now i think i
> understand that those only fail because we are changing the password.
> thanks!
>
> After your change and making a symlink to smbpasswd in /etc (from
> /etc/samba/smbpasswd) things seem to be working
> with one caveat...
>
> when a user types passwd he is prompted for both
> the old unix password AND the old samba password.
>
> This is inconvenient so I've tried a couple of things to avoid it.
> Putting "use_first_pass" on the smbpass causes the password
> change to fail with
> "password - (old) token not obtained"
> if smbpass is aboce pam_unix
>
> it fails saying "No password supplied" if it's below.
>
> Is there a way to fix that final quirk?
>
> thanks for your help!
>
> brad
I have:
password optional /lib/security/pam_smbpass.so use_first_pass
use_authtok
In my system-auth file. The optional bit is to bring the password back
into line, checking only the unix password db. But the bit your
interested in is the 'use_authtok'. See if that helps.
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba-technical
mailing list