[SCM] Samba Shared Repository - branch v3-4-test updated -
release-4-0-0alpha7-1134-g9b3d5fc
Karolin Seeger
kseeger at samba.org
Mon Jun 15 11:25:06 GMT 2009
The branch, v3-4-test has been updated
via 9b3d5fc7de1103a634b86ff4d18ceb146ca6b027 (commit)
via d547aab1511c72e1cab034e2945f6ad63bda6659 (commit)
via 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1 (commit)
via 24d6f697844bc85a03c047e5470abcfdd53735a2 (commit)
via 55df96313c5b966f41b0b5c426cf6a420cafa855 (commit)
from e24c2401750212d7212952f574ed9765fb1f2e8e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 9b3d5fc7de1103a634b86ff4d18ceb146ca6b027
Author: Andreas Schneider <mail at cynapses.org>
Date: Mon Jun 15 12:22:58 2009 +0200
Fix the section of the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail at cynapses.org>
commit d547aab1511c72e1cab034e2945f6ad63bda6659
Author: Andreas Schneider <mail at cynapses.org>
Date: Mon Jun 15 12:21:07 2009 +0200
Move pam_winbind to the right manpage section (8).
Signed-off-by: Andreas Schneider <mail at cynapses.org>
(cherry picked from commit 59ab1574e41993d24733affbca07d3f7da245fc7)
commit 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1
Author: Andreas Schneider <mail at cynapses.org>
Date: Mon Jun 15 12:16:49 2009 +0200
Dcoument the PAM data exports in the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail at cynapses.org>
(cherry picked from commit 1809ff4b2339bd3066532abccea0944da45edf64)
commit 24d6f697844bc85a03c047e5470abcfdd53735a2
Author: Andreas Schneider <mail at cynapses.org>
Date: Mon Jun 15 12:16:15 2009 +0200
Document the try_first_pass option in the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail at cynapses.org>
(cherry picked from commit 779eea49de3f53040fe792de4b74b73a0c51ecb3)
commit 55df96313c5b966f41b0b5c426cf6a420cafa855
Author: Andreas Schneider <mail at cynapses.org>
Date: Mon Jun 15 12:15:26 2009 +0200
Add a synopsis section to the pam_winbind manpage.
Signed-off-by: Andreas Schneider <mail at cynapses.org>
(cherry picked from commit 24f9f32fedb92f881658db856db15173e57af0bd)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/Samba3-HOWTO/manpages.xml | 2 +-
.../{pam_winbind.7.xml => pam_winbind.8.xml} | 90 ++++++++++++++++++--
2 files changed, 82 insertions(+), 10 deletions(-)
rename docs-xml/manpages-3/{pam_winbind.7.xml => pam_winbind.8.xml} (70%)
Changeset truncated at 500 lines:
diff --git a/docs-xml/Samba3-HOWTO/manpages.xml b/docs-xml/Samba3-HOWTO/manpages.xml
index 4de54bf..eef4207 100644
--- a/docs-xml/Samba3-HOWTO/manpages.xml
+++ b/docs-xml/Samba3-HOWTO/manpages.xml
@@ -22,7 +22,7 @@
<xi:include href="../manpages-3/nmbd.8.xml"/>
<xi:include href="../manpages-3/nmblookup.1.xml"/>
<xi:include href="../manpages-3/ntlm_auth.1.xml"/>
- <xi:include href="../manpages-3/pam_winbind.7.xml"/>
+ <xi:include href="../manpages-3/pam_winbind.8.xml"/>
<xi:include href="../manpages-3/pdbedit.8.xml"/>
<xi:include href="../manpages-3/profiles.1.xml"/>
<xi:include href="../manpages-3/rpcclient.1.xml"/>
diff --git a/docs-xml/manpages-3/pam_winbind.7.xml b/docs-xml/manpages-3/pam_winbind.8.xml
similarity index 70%
rename from docs-xml/manpages-3/pam_winbind.7.xml
rename to docs-xml/manpages-3/pam_winbind.8.xml
index ced6174..730ad96 100644
--- a/docs-xml/manpages-3/pam_winbind.7.xml
+++ b/docs-xml/manpages-3/pam_winbind.8.xml
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="pam_winbind.7">
+<refentry id="pam_winbind.8">
<refmeta>
<refentrytitle>pam_winbind</refentrytitle>
- <manvolnum>7</manvolnum>
+ <manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">7</refmiscinfo>
- <refmiscinfo class="version">3.4</refmiscinfo>
+ <refmiscinfo class="manual">8</refmiscinfo>
+ <refmiscinfo class="version">3.5</refmiscinfo>
</refmeta>
@@ -29,6 +29,31 @@
</refsect1>
<refsect1>
+ <title>SYNOPSIS</title>
+
+ <para>
+ Edit the PAM system config /etc/pam.d/service and modify it as the following example shows:
+ <programlisting>
+ ...
+ auth required pam_env.so
+ auth sufficient pam_unix2.so
+ +++ auth required pam_winbind.so use_first_pass
+ account requisite pam_unix2.so
+ +++ account required pam_winbind.so use_first_pass
+ +++ password sufficient pam_winbind.so
+ password requisite pam_pwcheck.so cracklib
+ password required pam_unix2.so use_authtok
+ session required pam_unix2.so
+ +++ session required pam_winbind.so
+ ...
+ </programlisting>
+
+ Make sure that pam_winbind is one of the first modules in the session part. It may retrieve
+ kerberos tickets which are needed by other modules.
+ </para>
+</refsect1>
+
+<refsect1>
<title>OPTIONS</title>
<para>
@@ -64,11 +89,6 @@
</varlistentry>
<varlistentry>
- <term>try_first_pass</term>
- <listitem><para></para></listitem>
- </varlistentry>
-
- <varlistentry>
<term>use_first_pass</term>
<listitem><para>
By default, pam_winbind tries to get the authentication token from a previous module. If no token is available
@@ -78,6 +98,14 @@
</varlistentry>
<varlistentry>
+ <term>try_first_pass</term>
+ <listitem><para>
+ Same as the use_first_pass option (previous item), except that if the primary password is not
+ valid, PAM will prompt for a password.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>use_authtok</term>
<listitem><para>
Set the new password to the one provided by the previously stacked password module. If this option is not set
@@ -157,6 +185,50 @@
</refsect1>
<refsect1>
+ <title>PAM DATA EXPORTS</title>
+
+ <para>This section describes the data exported in the PAM stack which could be used in other PAM modules.</para>
+
+ <varlistentry>
+ <term>PAM_WINBIND_HOMEDIR</term>
+ <listitem>
+ <para>
+ This is the Windows Home Directory set in the profile tab in the user settings
+ on the Active Directory Server. This could be a local path or a directory on a
+ share mapped to a drive.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_WINBIND_LOGONSCRIPT</term>
+ <listitem>
+ <para>
+ The path to the logon script which should be executed if a user logs in. This is
+ normally a relative path to the script stored on the server.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_WINBIND_LOGONSERVER</term>
+ <listitem>
+ <para>
+ This exports the Active Directory server we are authenticating against. This can be
+ used as a variable later.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_WINBIND_PROFILEPATH</term>
+ <listitem>
+ <para>
+ This is the profile path set in the profile tab in the user settings. Noramlly
+ the home directory is synced with this directory on a share.
+ </para>
+ </listitem>
+ </varlistentry>
+</refsect1>
+
+<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>wbinfo</refentrytitle>
--
Samba Shared Repository
More information about the samba-cvs
mailing list