Improved check for PAM in

Michael Sweet mike at
Thu Nov 16 13:52:29 GMT 2000

Richard Sharpe wrote:
> Hi,
> I have undertaken to generate an improved check for PAM for
> for Samba 2.2.x
> While I can check that the PAM libraries are on the system, it may
> be that PAM is not actually in use, and some versions of Linux are
> like that.
> The next step I can do is to check for /etc/pam.d/samba, with
> something like
> ...
> However, this is not very portable ... Solaris does not use the

No, nor will it work when you haven't installed SAMBA before... ;)

> same format as Linux does these days, and I am not sure what
> wierd OSes like HP/UX and DU do when they have PAM installed (as
> part of CDE for example).

They use the Solaris implementation, which is the old Linux
implementation - one /etc/pam.conf file, with default authentication
for logins for any unknown service.

What I would suggest to do is:

    1. Look for the PAM library; if it is there, compile in PAM
    2. Add a new "pam" option to smb.conf; defaulted to "yes"
       but configurable to "no".  That will allow systems that
       don't use PAM but do have PAM installed to disable PAM
       usage (probably not needed since the default PAM
       configuration can use /etc/passwd or /etc/shadow, but
       adding it will make the PAM support more robust...)

Also, see the CUPS sources for example PAM configuration files and
tests for Linux - SuSE differs in the naming of the PAM DSOs from
the rest of the Linux world, so you can setup the Makefile to
install the proper one if /etc/pam.d exists (simple check...)

Michael Sweet, Easy Software Products                  mike at
Printing Software for UNIX             

More information about the samba-technical mailing list