ANNOUNCE: pam_pwexport, Unix->SMB password changes
Steve Langasek
vorlon at netexpress.net
Thu Jun 15 14:40:44 GMT 2000
On Tue, 13 Jun 2000, Peter Samuelson wrote:
> [[posted to samba-ntdom and samba-technical]]
> More than one user has recently asked about Unix->Samba password sync.
> You can go the *other* direction with those chat options in smb.conf,
> and Samba even has an option `update encrypted' for using cleartext
> passwords and populating the smbpasswd file when people change them.
> But when a user executes `passwd' or `yppasswd' on the Unix system,
> Samba has no way of knowing, so your NT password gets out of sync.
> Until now.
Not entirely true; pam_smbpass has allowed people to do this for a while
using PAM. But pam_smbpass is in a state of flux right now, and more PAM
modules are always welcome. :) As you say, pam_pwexport isn't specific to
Samba, either.
> Like most PAM modules, it's not very hard to set up. Included is an
> example glue script for making it work with smbpasswd.
> ALSO: pam_pwexport won't work properly without a small patch, included,
> to fix a bug in Linux-PAM 0.72.
Interesting. I guess that explains why I was having trouble changing the
order in which password modules were stacked. :) However, I think the
'_pam_delete(tpass);' line still needs to be there (you have it commented
out), as there's no reason why the crypted password should be kept around.
(I haven't looked to closely, but I think it's a memory leak if we don't
destroy it there.)
Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list