PAM and NT'ed Linux ..

Andrew Morgan morgan at transmeta.com
Fri May 1 18:37:32 GMT 1998


William M. Perry writes:
> Luke Kenneth Casson Leighton <lkcl at regent.push.net> writes:
> > then would the username format of \DOMAIN\user (or DOMAIN/user) suffice
> > in this instance?  are you saying that arbitrary user prompting means
> > "give me a username and a password and nothing else"?
> 
>   No - arbitrary user prompting is the case where you give separate prompts 
> for username, domain, and password, and potentially go through the
> rigamarole of changing the user's password if it has expired.

This does not quite say it fully.  By "arbitrary" you should think "any
form of interaction with the user".

Things like ftp and pop and apache have a hard time being this
flexible -- they were not written with PAM in mind.  What people have
done is make the username+password available to PAM -- it is mostly a
hack but as good as you can get really.

In general, you might opt for "domain/username", perhaps having a
module argument that can flip between this and more elaborate
authentication "conversations" would be the best of both worlds..?

Cheers

Andrew
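
The "domain/username" option with a module argument that switches to a fuller conversation, sketched as an added example that is not part of the original post or of any existing PAM module. `split_domain_user`, `wants_conversation` and the `prompt_domain` argument are hypothetical names, and the sample input is constructed. The parser rejects empty parts, extra separators and anything it would have to truncate, so one login string cannot be read as two different identities.

```c
#include <string.h>

/* Hypothetical module argument selecting a full conversation instead. */
#define ARG_PROMPT_DOMAIN "prompt_domain"

/* Scan the argc/argv a PAM module receives for the hypothetical switch. */
int wants_conversation(int argc, const char **argv)
{
    for (int i = 0; i < argc; i++)
        if (strcmp(argv[i], ARG_PROMPT_DOMAIN) == 0)
            return 1;
    return 0;
}

/* Split "\DOMAIN\user", "DOMAIN\user" or "DOMAIN/user" into its parts.
 * A bare "user" yields an empty domain. Returns 0 on success, -1 when the
 * input is malformed or would not fit the output buffers. */
int split_domain_user(const char *in, char *dom, size_t dlen,
                      char *user, size_t ulen)
{
    if (in == NULL || dlen == 0 || ulen == 0)
        return -1;
    if (*in == '\\')                      /* optional leading backslash */
        in++;
    size_t sep = strcspn(in, "\\/");      /* index of first separator */
    const char *u = in;
    size_t dl = 0;
    if (in[sep] != '\0') {                /* a domain part is present */
        if (sep == 0)
            return -1;                    /* empty domain, e.g. "/user" */
        dl = sep;
        u = in + sep + 1;
    }
    size_t ul = strlen(u);
    if (ul == 0 || strcspn(u, "\\/") != ul)
        return -1;                        /* empty user or extra separator */
    if (dl >= dlen || ul >= ulen)
        return -1;                        /* refuse to truncate silently */
    memcpy(dom, in, dl);
    dom[dl] = '\0';
    memcpy(user, u, ul + 1);              /* copies the terminating NUL */
    return 0;
}

int main(void)
{
    char d[32], u[32];                    /* constructed sample input below */
    return split_domain_user("\\REGENT\\lkcl", d, sizeof d, u, sizeof u);
}
```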

