Using Samba as a proxy authentication service?
Mike Brodbelt
m.brodbelt at acu.ac.uk
Tue Dec 5 15:25:10 GMT 2000
David Bannon wrote:
>
> At 01:09 PM 04/12/2000 +0000, Mike Brodbelt wrote:
> >I'd like to able able to use Samba (or samba services, at any rate) to
> >allow me to authenticate users against NT Domain accounts from external
> >programs. I know that PAM modules and suchlike exist for general logon
> >authentication, but my situation is slightly different, and I'm not sure
> >of the best way to take advantage of the existing support.
> >
>
> I would set up a pam stack on the samba box and then have your application
> authenticate against that. I do so with a couple of CGIs for example. So
> you could have a web page that allows them to run a cgi that switches the
> vacation parameters. You would need appropriate security in addition to
> pam, perhaps only allowing requests from a particular ip subnet ?
That's great - thanks. I've also found a Perl binding for PAM at
http://www.cs.kuleuven.ac.be/~pelov/pam/, so hopefully I can use this in
conjunction with pam_smb, pam_ntdom, or the winbindd PAM module. I not
that Luke gave up on pam_ntdom a while ago, and pam_smb seems to be
aging - is winbindd the recommended route to go down these days?
Mike.
More information about the samba-technical
mailing list