Samba 2.2.0 and SWAT

Richard Sharpe sharpe at ns.aus.com
Thu Nov 9 22:57:08 GMT 2000


At 11:58 PM 11/11/00 -0600, Steve Langasek wrote:
>
>Richard,
>
>> >I found the problem ...
>
>> >RedHat 6.2 and possibly earlier use MD5 passwords, and this info is
>> >communicated to PAM.
>
>> >However, the default configure options are --without-pam. When RedHat
>> >builds the Samba RPM, they configure --with-pam, which I think fixes
things.
>
>> OK, I have verified that this fixes the problem ... 
>
>The MD5 password support in RedHat is not actually dependent on PAM; glibc
now
>supports md5 passwords natively through the libc crypt() function, all you
>have to do is pass it a salt that looks like an MD5 salt instead of a
>traditional crypt salt.  Changing Samba's code so that it doesn't truncate
the
>salt to 2 bytes when calling crypt() would fix the problem on all glibc
>systems that use md5 passwords, including those that don't use PAM.

OK, that sounds good ...

So, perhaps we need a configure test to check for MD5 support in crypt as
well.

>> >Perhaps we should default to --with-pam when compiling on RedHat 6.x
and 7.x?
>
>> Hmmm, I wonder how many other Linux distro's have this problem as well?
>
>> Any objections to changing the default?
>
>I don't think it's a good idea to check explicitly for Linux here.  If PAM is
>worth enabling by default, it should probably be enabled anywhere that libpam
>is available, not just on Linux systems.

OK, I tend to agree here. FreeBSD has PAM for example, as does Solaris, and
it would perhaps seem like a good idea to make it the default on those
systems.

>Steve Langasek
>postmodern programmer
>
>

Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba






More information about the samba-technical mailing list