Authenticating as non-system users
Andrew Bartlett
abartlet at pcug.org.au
Fri Oct 26 05:25:02 GMT 2001
Radu Rendec wrote:
>
> Hi!
>
> I'm trying to develop a VFS module for an sql-based
> filesystem. I need to authenticate non-system users
> (user information is also held in an sql database)
> and I think PAM is one siple way to do it.
>
> The problem is that smbd needs an existing account on
> the system. I'd like samba to use a default account
> after the PAM authentication is done, no matter what
> the original username was.
>
> I had a look at the code and found out that samba
> automatically uses the guest account if the specified
> username doesn't exist. The problem is that after the
> PAM queries (which always succeed because I used
> pam_permit.so) the
> authentication fails with the following message in the
> logs:
> [2001/10/26 14:53:53, 4]
> smbd/password.c:password_ok(592)
> Null passwords not allowed.
>
> Any suggestions?
This is one of the things I am working towards in HEAD. I'll commit my
current changes shortly (in a few days, needs testing), after which it
should be quite possible to have fully authenticated users being mapped
to a guest user before being passed on to a VFS layer. I wouldn't use
PAM, I would write a passdb backend to store the info in your sql
database, and/or an authentication plugin with AuthRewrite code in
HEAD. Things work much smoother when encrypted passwords are being
used, thats why I would recommend avoiding PAM.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list