Samba/HP-UX question.
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Thu Jan 17 06:12:46 GMT 2002
Hi Andrew,
The latest 2.2.3 CVS has all the changes necessary to build winbindd on
HP-UX, if you are using the HPUX ANSI C compiler. It's very new, but have
been able to use it to get telnet and ftp access to hpux by logging in as
DOMAIN/NTUSERNAME and being authenticated via pam_winbind to the NT Domain
that samba joined... Still needs a LOT of testing, but anyone with HP-UX
that wants to play around with this functionality should check out the
latest 2.2 CVS tree...
Hope this helps,
Don
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at pcug.org.au]
Sent: Thursday, January 17, 2002 7:17 AM
To: Ladner, Eric (Eric.Ladner)
Cc: 'samba at lists.samba.org'
Subject: Re: Samba/HP-UX question.
"Ladner, Eric (Eric.Ladner)" wrote:
>
> Couple of questinos.. I've poked around the web a bit and the Samba
> documentation and haven't really found a good answer.
>
> Given an HP-UX 11.0 system and the latest 2.X Samba distro, here's what
I'm
> trying to do:
>
> Use Samba (possibly with winbind?) functionality to allow authentication
via
> a NT PDC.
>
> The problem I'm having visualizing is how that authentication happens. At
> the system level, all of these things go through getpwent (or the
> secure/shadow version of that call). How exaclty can that call be
hijacked
> by Samba and redirected to an NT domain for authentication?
Winbind simply disables all passwords in this case.
> The basic problem is that we have an application (call it X) that requires
a
> LOT of users and concequently a LOT of password changes, corporate IT
> password standards that the application dosn't support, etc.. It's messy.
>
> What we'd like to see is that the username/password that the user types in
> to the application interface is authenticated via a PDC rather than the
> /etc/passwd file.
>
> This application does NOT use PAM. This I think has been my roadblock up
to
> now.
And so it shal remain. If you have the sources for the app you could
use the winbind interface directly, without going via PAM.
> Does the getpwent code have flexibility? I.e. can something be put in
> resolv.conf to allow for alternate resolution for passwords? Did I miss a
> document somewhere?
What you propose (somehow putting a crypt-compatible password in a
getent return isn't possible.
> Sorry for the rambling email, but I'm not sure where to start at the
moment.
BTW, does winbind support HP-UX yet?
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list