[Samba] PAM session trouble
Andrew Bartlett
abartlet at samba.org
Mon Aug 5 14:41:19 GMT 2002
Buchan Milne wrote:
>
> >
> > Well, there isn't any point. In Samba '2.999' aka HEAD snapshot Samba
> > will never call PAM for authenticaion when 'encrypt passwords = yes',
> > and while it will use pam for 'account' controls, it won't gain you
> > anything - its the same checks that are already done.
>
> Well, in 2.2.5, I can use "obey pam restrictions = yes" with winbind to
> create home directories via pam_mkhomedir. Are you saying
>
> 1)This won't work in 3.0
> 2)Samba does this (creating the homedir) already
> 3)"obey pam restrictions = yes" is effectively set (thus my:
>
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
> umask=0022
>
> in /etc/pam.d/samba will work anyway)?
Oops. Make that 'account and session'. Samba will contact PAM for
account and session checking, but using pam_smbpass for 'session' won't
work and 'account' is degenerate (double-checking). The only purpose
would be if you were using SWAT, and had a particular reason you wanted
to use 'samba' rather than system passwords for that service.
(and yes, they probably should use a different PAM config file).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list