Alternate authenticator
Danny Braniss
danny at cs.huji.ac.il
Mon Apr 10 07:28:24 GMT 2000
hum, sounds familiar :-)
my problem was that i keep the hashed/encrypted password out of reach, so
what i finaly did, was to change some routines, and its been working ever
since.
im now looking into tng, which is a bit more complicated.
the relevant files are: (samba-2.0.6)
passdb/passdb.c
rpc_server/srv_netlog.c
smbd/password.c
the actual authentication is via login_smb (BSD style) but should not be too
difficult to port to PAM style.
hope this helps, if you need more just let me know,
danny
In message <20000409190506.E780 at smack.uchicago.edu>you write:
}We have a local need to authenticate samba clients against an external
}database. Our application's goal is to use the passwords already in
}this database to authenticate SMB connections, so that we don't create
}a new password, and we don't have to dump and hash periodically.
}
}Looking at the code, it seems that the only option samba currently
}gives is to store relevant fields (including a hash) into some
}directory -- NIS+, LDAP, etc., or some similar structure. I'd prefer
}not to do this, because it would mean either creating a second password
}(seeded with the first), or having to create some other tool to
}(periodically or on the fly) convert changed passwords in the extrnal
}database into NT/LM hashes in the external database.
}
}I would rather put code for realtime, external authentication into
}samba, and add hashing code to the database to authenticate from an
}incoming hash.
}
}Here's the question: I can't tell what the best place is in the samba
}code to insert calls to the external authenticator. If the external
}authentication succeeds, it should cause a bypass of the usual
}directory-oriented hash lookups in passdb/*.c. I essentially want to
}pass the incoming password data, or a hash or it, to the external
}database and have it return a result.
}
}Any pointers? Thanks.
}
}I'm working From 2.0.6 code, but I can upgrade if that's helpful.
}
}--
}-D. dgc at uchicago.edu "The beaver's powerful jaws are capable of felling
} ENSA FORCE/ blue spruce in less than ten minutes and prove
}d,
} TEAM NETSEC needless to say, more than a match for the tender
} U of Ill, Hyde Park limbs of America's favorite homemaker."
}
More information about the samba-technical
mailing list