Samba 2.2.0 and SWAT

Richard Sharpe sharpe at
Thu Nov 9 22:57:08 GMT 2000

At 11:58 PM 11/11/00 -0600, Steve Langasek wrote:
>> >I found the problem ...
>> >RedHat 6.2 and possibly earlier use MD5 passwords, and this info is
>> >communicated to PAM.
>> >However, the default configure options are --without-pam. When RedHat
>> >builds the Samba RPM, they configure --with-pam, which I think fixes
>> OK, I have verified that this fixes the problem ... 
>The MD5 password support in RedHat is not actually dependent on PAM; glibc
>supports md5 passwords natively through the libc crypt() function, all you
>have to do is pass it a salt that looks like an MD5 salt instead of a
>traditional crypt salt.  Changing Samba's code so that it doesn't truncate
>salt to 2 bytes when calling crypt() would fix the problem on all glibc
>systems that use md5 passwords, including those that don't use PAM.

OK, that sounds good ...

So, perhaps we need a configure test to check for MD5 support in crypt as

>> >Perhaps we should default to --with-pam when compiling on RedHat 6.x
and 7.x?
>> Hmmm, I wonder how many other Linux distro's have this problem as well?
>> Any objections to changing the default?
>I don't think it's a good idea to check explicitly for Linux here.  If PAM is
>worth enabling by default, it should probably be enabled anywhere that libpam
>is available, not just on Linux systems.

OK, I tend to agree here. FreeBSD has PAM for example, as does Solaris, and
it would perhaps seem like a good idea to make it the default on those

>Steve Langasek
>postmodern programmer

Richard Sharpe, sharpe at
Samba (Team member,, Ethereal (Team member,
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

More information about the samba-technical mailing list