Alternate authenticator

Danny Braniss danny at
Mon Apr 10 07:28:24 GMT 2000

hum, sounds familiar :-)
my problem was that i keep the hashed/encrypted password out of reach, so
what i finaly did, was to change some routines, and its been working ever 
im now looking into tng, which is a bit more complicated.

the relevant files are: (samba-2.0.6)

the actual authentication is via login_smb (BSD style) but should not be too 
difficult to port to PAM style.
hope this helps, if you need more just let me know,


In message <20000409190506.E780 at>you write:
}We have a local need to authenticate samba clients against an external
}database.  Our application's goal is to use the passwords already in
}this database to authenticate SMB connections, so that we don't create
}a new password, and we don't have to dump and hash periodically.
}Looking at the code, it seems that the only option samba currently
}gives is to store relevant fields (including a hash) into some
}directory -- NIS+, LDAP, etc., or some similar structure.  I'd prefer
}not to do this, because it would mean either creating a second password
}(seeded with the first), or having to create some other tool to
}(periodically or on the fly) convert changed passwords in the extrnal
}database into NT/LM hashes in the external database.
}I would rather put code for realtime, external authentication into
}samba, and add hashing code to the database to authenticate from an
}incoming hash.
}Here's the question: I can't tell what the best place is in the samba
}code to insert calls to the external authenticator.  If the external
}authentication succeeds, it should cause a bypass of the usual
}directory-oriented hash lookups in passdb/*.c.  I essentially want to
}pass the incoming password data, or a hash or it, to the external
}database and have it return a result.
}Any pointers?  Thanks.
}I'm working From 2.0.6 code, but I can upgrade if that's helpful.
}-D. dgc at    "The beaver's powerful jaws are capable of felling
}    ENSA FORCE/		 blue spruce in less than ten minutes and prove
}      TEAM NETSEC	 needless to say, more than a match for the tender
}    U of Ill, Hyde Park	 limbs of America's favorite homemaker."

More information about the samba-technical mailing list