[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Fri Dec 18 06:03:58 MST 2009


The branch, master has been updated
       via  72d68ac... s3-docs: mention pam_winbind.conf(5) manpage in pam_winbind(8) manpage.
       via  7481667... s3-docs: add new pam_winbind.conf(5) manpage.
      from  19cdcde... s4-dsdb: stop warnings about unknown struct GUID in prototypes

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 72d68acbf59aa8531cc132551cc8e8313b7dc3b7
Author: Günther Deschner <gd at samba.org>
Date:   Fri Dec 18 13:56:43 2009 +0100

    s3-docs: mention pam_winbind.conf(5) manpage in pam_winbind(8) manpage.
    
    Guenther

commit 74816678706b7028fa63a4e552887fcf98322711
Author: Günther Deschner <gd at samba.org>
Date:   Fri Dec 18 13:56:01 2009 +0100

    s3-docs: add new pam_winbind.conf(5) manpage.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/pam_winbind.8.xml              |    6 +-
 .../{pam_winbind.8.xml => pam_winbind.conf.5.xml}  |  154 ++++++--------------
 2 files changed, 47 insertions(+), 113 deletions(-)
 copy docs-xml/manpages-3/{pam_winbind.8.xml => pam_winbind.conf.5.xml} (56%)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/pam_winbind.8.xml b/docs-xml/manpages-3/pam_winbind.8.xml
index f8c4375..14f4e70 100644
--- a/docs-xml/manpages-3/pam_winbind.8.xml
+++ b/docs-xml/manpages-3/pam_winbind.8.xml
@@ -62,7 +62,9 @@
 		file situated at
 		<filename>/etc/security/pam_winbind.conf</filename>. Options
 		from the PAM configuration file take precedence to those from
-		the configuration file.
+		the configuration file. See
+		<citerefentry><refentrytitle>pam_winbind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+		for further details.
 
 		<variablelist>
 
@@ -231,6 +233,8 @@
 <refsect1>
 	<title>SEE ALSO</title>
 	<para><citerefentry>
+	<refentrytitle>pam_winbind.conf</refentrytitle>
+	<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
 	<refentrytitle>wbinfo</refentrytitle>
 	<manvolnum>1</manvolnum></citerefentry>, <citerefentry>
 	<refentrytitle>winbindd</refentrytitle>
diff --git a/docs-xml/manpages-3/pam_winbind.8.xml b/docs-xml/manpages-3/pam_winbind.conf.5.xml
similarity index 56%
copy from docs-xml/manpages-3/pam_winbind.8.xml
copy to docs-xml/manpages-3/pam_winbind.conf.5.xml
index f8c4375..113515c 100644
--- a/docs-xml/manpages-3/pam_winbind.8.xml
+++ b/docs-xml/manpages-3/pam_winbind.conf.5.xml
@@ -1,120 +1,92 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="pam_winbind.8">
+<refentry id="pam_winbind.conf.5">
 
 <refmeta>
-	<refentrytitle>pam_winbind</refentrytitle>
-	<manvolnum>8</manvolnum>
+	<refentrytitle>pam_winbind.conf</refentrytitle>
+	<manvolnum>5</manvolnum>
 	<refmiscinfo class="source">Samba</refmiscinfo>
-	<refmiscinfo class="manual">8</refmiscinfo>
+	<refmiscinfo class="manual">5</refmiscinfo>
 	<refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
 
 <refnamediv>
-	<refname>pam_winbind</refname>
-	<refpurpose>PAM module for Winbind</refpurpose>
+	<refname>pam_winbind.conf</refname>
+	<refpurpose>Configuration file of PAM module for Winbind</refpurpose>
 </refnamediv>
 
 <refsect1>
 	<title>DESCRIPTION</title>
 
-	<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+	<para>This configuration file is part of the <citerefentry><refentrytitle>samba</refentrytitle>
 	<manvolnum>7</manvolnum></citerefentry> suite.</para>
 
 	<para>
-	pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon.
+	pam_winbind.conf is the configuration file for the pam_winbind PAM
+	module. See
+	<citerefentry><refentrytitle>pam_winbind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+	for further details.
 	</para>
-
 </refsect1>
 
 <refsect1>
 	<title>SYNOPSIS</title>
 
 	<para>
-		Edit the PAM system config /etc/pam.d/service and modify it as the following example shows:
-		<programlisting>
-			    ...
-			    auth      required        pam_env.so
-			    auth      sufficient      pam_unix2.so
-			+++ auth      required        pam_winbind.so  use_first_pass
-			    account   requisite       pam_unix2.so
-			+++ account   required        pam_winbind.so  use_first_pass
-			+++ password  sufficient      pam_winbind.so
-			    password  requisite       pam_pwcheck.so  cracklib
-			    password  required        pam_unix2.so    use_authtok
-			    session   required        pam_unix2.so
-			+++ session   required        pam_winbind.so
-			    ...
-		</programlisting>
-
-		Make sure that pam_winbind is one of the first modules in the session part. It may retrieve
-		kerberos tickets which are needed by other modules.
+		The pam_winbind.conf configuration file is a classic ini-style
+		configuration file. There is only one section (global) where
+		various options are defined.
 	</para>
 </refsect1>
 
 <refsect1>
 	<title>OPTIONS</title>
 	<para>
-	
+
 		pam_winbind supports several options which can either be set in
 		the PAM configuration files or in the pam_winbind configuration
 		file situated at
 		<filename>/etc/security/pam_winbind.conf</filename>. Options
 		from the PAM configuration file take precedence to those from
-		the configuration file.
+		the pam_winbind.conf configuration file.
 
 		<variablelist>
 
 		<varlistentry>
-		<term>debug</term>
-		<listitem><para>Gives debugging output to syslog.</para></listitem>
+		<term>debug = yes|no</term>
+		<listitem><para>Gives debugging output to syslog. Defaults to "no".</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>debug_state</term>
-		<listitem><para>Gives detailed PAM state debugging output to syslog.</para></listitem>
+		<term>debug_state = yes|no</term>
+		<listitem><para>Gives detailed PAM state debugging output to syslog. Defaults to "no".</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>require_membership_of=[SID or NAME]</term>
+		<term>require_membership_of = [SID or NAME]</term>
 		<listitem><para>
 		If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
 		can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
 		SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or
 		<parameter>MYDOMAIN\\myuser</parameter>.  pam_winbind will, in that case, lookup the SID internally. Note that
 		NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
-		user is a member of with <command>wbinfo --user-sids=SID</command>.
+		user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>use_first_pass</term>
+		<term>try_first_pass = yes|no</term>
 		<listitem><para>
 		By default, pam_winbind tries to get the authentication token from a previous module. If no token is available
 		it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication
-		token from a previous module is available.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>try_first_pass</term>
-		<listitem><para>
-				Same as the use_first_pass option (previous item), except that if the primary password is not
-				valid, PAM will prompt for a password.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>use_authtok</term>
-		<listitem><para>
-		Set the new password to the one provided by the previously stacked password module. If this option is not set 
-		pam_winbind will ask the user for the new password.
+		token from a previous module is available. If a primary password is not valid, PAM will prompt for a password.
+		Default to "no".
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>krb5_auth</term>
+		<term>krb5_auth = yes|no</term>
 		<listitem><para>
 
 		pam_winbind can authenticate using Kerberos when winbindd is
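Review bot: The merged try_first_pass entry contradicts itself. It keeps the old use_first_pass wording ("pam_winbind aborts with an error if no authentication token from a previous module is available") and then appends the try_first_pass behaviour ("PAM will prompt for a password"), so a reader cannot tell whether try_first_pass = yes aborts or prompts when the stacked token is missing or invalid. Reword the paragraph so it describes only try_first_pass, and state whether use_first_pass and use_authtok, which are dropped from this copy, are accepted in pam_winbind.conf at all. The closing "Default to "no"." should read "Defaults to "no"." to match the other entries.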
@@ -125,15 +97,15 @@
 		MSRPC. When this parameter is used in conjunction with
 		<parameter>winbind refresh tickets</parameter>, winbind will
 		keep your Ticket Granting Ticket (TGT) uptodate by refreshing
-		it whenever necessary.
+		it whenever necessary. Defaults to "no".
 
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>krb5_ccache_type=[type]</term>
+		<term>krb5_ccache_type = [type]</term>
 		<listitem><para>
-		
+
 		When pam_winbind is configured to try kerberos authentication
 		by enabling the <parameter>krb5_auth</parameter> option, it can
 		store the retrieved Ticket Granting Ticket (TGT) in a
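Review bot: In the krb5_auth paragraph, the context line just above the added 'Defaults to "no".' still reads "uptodate"; change it to "up to date" while this sentence is being edited. The whitespace-only change after the krb5_ccache_type <listitem><para> line is unrelated to the new defaults text and would be easier to review in a separate cleanup commit.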
@@ -143,35 +115,35 @@
 		the form of /tmp/krb5cc_UID will be created, where UID is
 		replaced with the numeric user id.  Leave empty to just do
 		kerberos authentication without having a ticket cache after the
-		logon has succeeded.
+		logon has succeeded. This setting is empty by default.
 
 		</para></listitem>
 		</varlistentry>
-	
+
 		<varlistentry>
-		<term>cached_login</term>
+		<term>cached_login = yes|no</term>
 		<listitem><para>
-		Winbind allows to logon using cached credentials when <parameter>winbind offline logon</parameter> is enabled. To use this feature from the PAM module this option must be set.
+		Winbind allows to logon using cached credentials when <parameter>winbind offline logon</parameter> is enabled. To use this feature from the PAM module this option must be set. Defaults to "no".
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>silent</term>
+		<term>silent = yes|no</term>
 		<listitem><para>
-		Do not emit any messages.
+		Do not emit any messages. Defaults to "no".
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>mkhomedir</term>
+		<term>mkhomedir = yes|no</term>
 		<listitem><para>
 		Create homedirectory for a user on-the-fly, option is valid in
-		PAM session block.
+		PAM session block. Defaults to "no".
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>warn_pwd_expire</term>
+		<term>warn_pwd_expire = days</term>
 		<listitem><para>
 		Defines number of days before pam_winbind starts to warn about passwords that are
 		going to expire. Defaults to 14 days.
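Review bot: The mkhomedir entry still says "option is valid in PAM session block", wording carried over from the module manpage that does not tell a reader of pam_winbind.conf what happens when mkhomedir = yes is set in the file's single global section. Say whether the setting then only takes effect for services that stack pam_winbind.so in their session part, since it decides whether home directories are created at login. In the cached_login line touched here, "Winbind allows to logon" would read better as "Winbind allows logging on".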
@@ -185,52 +157,10 @@
 </refsect1>
 
 <refsect1>
-	<title>PAM DATA EXPORTS</title>
-
-	<para>This section describes the data exported in the PAM stack which could be used in other PAM modules.</para>
-
-	<varlistentry>
-		<term>PAM_WINBIND_HOMEDIR</term>
-		<listitem>
-			<para>
-				This is the Windows Home Directory set in the profile tab in the user settings
-				on the Active Directory Server. This could be a local path or a directory on a
-				share mapped to a drive.
-			</para>
-		</listitem>
-	</varlistentry>
-	<varlistentry>
-		<term>PAM_WINBIND_LOGONSCRIPT</term>
-		<listitem>
-			<para>
-				The path to the logon script which should be executed if a user logs in. This is
-				normally a relative path to the script stored on the server.
-			</para>
-		</listitem>
-	</varlistentry>
-	<varlistentry>
-		<term>PAM_WINBIND_LOGONSERVER</term>
-		<listitem>
-			<para>
-				This exports the Active Directory server we are authenticating against. This can be
-				used as a variable later.
-			</para>
-		</listitem>
-	</varlistentry>
-	<varlistentry>
-		<term>PAM_WINBIND_PROFILEPATH</term>
-		<listitem>
-			<para>
-				This is the profile path set in the profile tab in the user settings. Normally
-				the home directory is synced with this directory on a share.
-			</para>
-		</listitem>
-	</varlistentry>
-</refsect1>
-
-<refsect1>
 	<title>SEE ALSO</title>
 	<para><citerefentry>
+	<refentrytitle>pam_winbind</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
 	<refentrytitle>wbinfo</refentrytitle>
 	<manvolnum>1</manvolnum></citerefentry>, <citerefentry>
 	<refentrytitle>winbindd</refentrytitle>
@@ -247,12 +177,12 @@
 
 <refsect1>
 	<title>AUTHOR</title>
-	
+
 	<para>
 	The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by
 	the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
 	</para>
-	
+
 	<para>This manpage was written by Jelmer Vernooij and Guenther Deschner.</para>
 
 </refsect1>


-- 
Samba Shared Repository

