Samba 2.2.0 and SWAT

Steve Langasek vorlon at
Sun Nov 12 05:58:43 GMT 2000


> >I found the problem ...

> >RedHat 6.2 and possibly earlier use MD5 passwords, and this info is
> >communicated to PAM.

> >However, the default configure options are --without-pam. When RedHat
> >builds the Samba RPM, they configure --with-pam, which I think fixes things.

> OK, I have verified that this fixes the problem ... 

The MD5 password support in RedHat is not actually dependent on PAM; glibc now
supports md5 passwords natively through the libc crypt() function, all you
have to do is pass it a salt that looks like an MD5 salt instead of a
traditional crypt salt.  Changing Samba's code so that it doesn't truncate the
salt to 2 bytes when calling crypt() would fix the problem on all glibc
systems that use md5 passwords, including those that don't use PAM.

> >Perhaps we should default to --with-pam when compiling on RedHat 6.x and 7.x?

> Hmmm, I wonder how many other Linux distro's have this problem as well?

> Any objections to changing the default?

I don't think it's a good idea to check explicitly for Linux here.  If PAM is
worth enabling by default, it should probably be enabled anywhere that libpam
is available, not just on Linux systems.

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list