[Samba] Samba Authentication of Local Linux Users
Michael Thrift
mthrift at western.edu
Sat Feb 25 00:11:35 GMT 2006
Actually, I figured out what I wanted. I wasn't expressing it well,
mainly cause I couldn't think straight after staring at the monitor for
so long. Basically, what I didn't realize earlier is how pam_smbpasswd
worked. After stepping away from the problem for a few hours it hit me
with a huge "DUR!" pam_smbpasswd does exactly what I want. Of course I
don't want clear text passwords, so by using pam_smbpasswd it
automagically keeps both files up-to-date when a user changes their pass
through passwd (I recognize that I'm preaching to the choir). Thanks
for taking the time to read my post!
Mike.
Gordon Messmer wrote:
> Michael Thrift wrote:
>> I am not authenticating domain users, or windows users, and I don't
>> want to use smbpasswd. Is there some way to force samba to
>> authenticate against pam, and only pam? My goal is to not add an
>> administrative load whatsoever.
>
> The last goal is not one you can achieve.
>
> If you want to authenticate against PAM, you have to set "encrypt
> passwords = no". Note, however, that the man page says:
>
> The use of plain text passwords is NOT advised as support
> for this feature is no longer maintained in Microsoft Win-
> dows products. If you want to use plain text passwords you
> must set this parameter to no.
>
> Now, if you choose to set that option, you have to modify all of your
> clients, by importing the appropriate "PlainPassword.reg" file from
> the samba distribution.
>
> So, basically, you have a choice between modifying how you manage and
> change passwords, so that you can support a secure login method for
> SMB, or changing the configuration of all of your windows clients
> considerably degrading security.
>
More information about the samba
mailing list