Luke Kenneth Casson Leighton lkcl at
Thu Jan 21 15:52:47 GMT 1999

david and i have considered combining all the pam_smb and pam_ntdom stuff
into one pam module.  password changing stuff should probably also be in

/etc/passwd changing should not be done in nt/smb password changing PAMs,
what is the point?

the reason for the combine is to have an "auto-detect" of either dce/rpc
or non-dce/rpc systems (send a dce/rpc NetServerGetInfo call, if it fails
it's an SMB system, if it succeeds it's a SAMBA or NT server).


On Thu, 21 Jan 1999, Richard Sharpe wrote:

> Hi,
> it seems that it should be possible to write a pam module that allows a
> user to change their password on a remote PDC from UNIX, if one were to do
> the following:
> 1. Obtain the old password from the user, and then do a logon/valid user
> check against the PDC or DC
> If that succeeds, the user's old password seems kosher
> 2. Get the new password twice to ensure they know what they are typing
> 3. Call remote_password_change from libsmb passing it the right args.
> It seems that pam_smbpass could be used as a model. It tries to sync the
> passwords in /etc/passwd and /etc/smbpasswd.
> Then combined with something like pam_ntdom, one could have all the UNIX
> machines authenticating and changing passwords against a Samba PDC.
> Any comments?
> Regards
> -------
> Richard Sharpe, sharpe at, NIC-Handle:RJS96
> NS Computer Software and Services P/L, 
> Ph: +61-8-8281-0063, FAX: +61-8-8250-2080, 
> Samba (Team member), Linux, Apache, Digital UNIX, AIX, C, ...

<a href="mailto:lkcl at" > Luke Kenneth Casson Leighton  </a>
<a href=""> Samba and Network Development </a>
<a href=""       > Samba and Network Consultancy </a>

More information about the samba-technical mailing list