Problems compiling --with-PAM on HP-UX 11.00 64.

Onime Clement onime at ictp.trieste.it
Wed Jul 26 07:48:46 GMT 2000


With PAM support enabled, I expect you need to add entries (for samba) to
the HP system PAM configuration.
This is /etc/pam.conf and the suggested entries for AFS/samba are:

samba   auth optional   /usr/lib/security/libpam_unix.1 
samba   auth sufficient         /usr/lib/security/pam_afs.so use_first_pass ignore_root
samba   auth required           /usr/lib/security/libpam_unix.1 use_first_pass
samba   account required        /usr/lib/security/libpam_unix.1 

Note: That the third authentication entry (with required) is necessary to
prevent login if the user fails both the AFS login and the system's login.

Finally you may need to add the following bit of patch code to the file
passdb/pass_check.c

--- passdb/pass_check.c.orig    Wed May 31 00:28:44 2000
+++ passdb/pass_check.c Wed Jun  7 14:33:44 2000
@@ -129,4 +129,13 @@                 
   pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
   PAM_BAIL;                         
+       /* Now set the session credentials...
+       */                           
+#ifdef PAM_ESTABLISH_CRED           
+       pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+#else                               
+       pam_error = pam_setcred(pamh, PAM_CRED_ESTABLISH);
+#endif                              
+       PAM_BAIL;                    
+               
   pam_end(pamh, PAM_SUCCESS);
   /* If this point is reached, the user has been authenticated. */


Basically, the above ensures that smbd will be able to set the AFS
token after authentication.

The above worked/works for me on a Solaris 2.7 system with Samba 2.0.7!

Thanks
Clement Onime






More information about the samba-technical mailing list