Samba PDC as a password server

Stephen Langasek vorlon at netexpress.net
Sat May 2 17:17:13 GMT 1998


On Fri, 1 May 1998, Luke Kenneth Casson Leighton wrote:

> On Thu, 30 Apr 1998, Dana Canfield wrote:
> 
> > scheme. The only "tidy" solution I can think of that might keep
> > overhead low is to create some kind of "pam_smbdb".  This would work
> > just like pam_pwdb, but would work with NT-style encryption, meaning
> > you could yank out /etc/passwd and replace it with the contents of
> > smbpasswd.

> oo.  that would do it.

This sounds a bit like a module I've been (sporadically) working on,
called pam_smbpass.  This module is intended to be usable for both
password changes and authentication against an /etc/smbpasswd-type
local database file.  The password updates work fine, and I've been using
it for a while now to keep passwords synched between the unix & smb
databases, although I ran into a problem when I looked into stripping out
all other authentication code from samba in favor of a pure PAM interface:
since not even the version of the password as stored in the smbpasswd file
is available to the server in a network transaction, the module has to be
able to take the doubly-encrypted password and the original salt,
re-encrypt the password from the database, and spit back a yes or no at
the application.  It's straightforward to fix, I just haven't gotten
around to doing it yet...

The current version is available at ftp://ftp.netexpress.net/pub/pam, for
those who are interested.  Hopefully it'll save someone out there some
duplication of effort. :)

                           -Steve Langasek
-doink-



More information about the samba-ntdom mailing list