Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Jan 21 15:52:47 GMT 1999
david and i have considered combining all the pam_smb and pam_ntdom stuff
into one pam module. password changing stuff should probably also be in
/etc/passwd changing should not be done in nt/smb password changing PAMs,
what is the point?
the reason for the combine is to have an "auto-detect" of either dce/rpc
or non-dce/rpc systems (send a dce/rpc NetServerGetInfo call, if it fails
it's an SMB system, if it succeeds it's a SAMBA or NT server).
On Thu, 21 Jan 1999, Richard Sharpe wrote:
> it seems that it should be possible to write a pam module that allows a
> user to change their password on a remote PDC from UNIX, if one were to do
> the following:
> 1. Obtain the old password from the user, and then do a logon/valid user
> check against the PDC or DC
> If that succeeds, the user's old password seems kosher
> 2. Get the new password twice to ensure they know what they are typing
> 3. Call remote_password_change from libsmb passing it the right args.
> It seems that pam_smbpass could be used as a model. It tries to sync the
> passwords in /etc/passwd and /etc/smbpasswd.
> Then combined with something like pam_ntdom, one could have all the UNIX
> machines authenticating and changing passwords against a Samba PDC.
> Any comments?
> Richard Sharpe, sharpe at ns.aus.com, NIC-Handle:RJS96
> NS Computer Software and Services P/L,
> Ph: +61-8-8281-0063, FAX: +61-8-8250-2080,
> Samba (Team member), Linux, Apache, Digital UNIX, AIX, C, ...
<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk" > Samba and Network Consultancy </a>
More information about the samba-technical