PASSDB: local and domain accounts

Tim Potter tpot at
Thu Nov 16 23:57:58 GMT 2000

David Lee writes:

> I'll immediately confess that I haven't been following all the detail,
> and that I'm unfamiliar with much of the detail.
> But can I just check a few points?  The perspective is "can it accomodate
> our current working and its possible evolution?"  Any evolution will
> _have_ to be gentle.  (Saying "you shouldn't start from here" isn't an
> option!)
> Does the phrase "/etc/passwd" include, say, NIS and/or perhaps other
> technologies, as directed by PAM? 

Usually not.  Most Unixen come with nis and nisplus nss modules
which can be placed in the appropriate position of the passwd and
group configuration in nsswitch.conf

> Will we be able to use PAM's password maintenance function (currently just
> "") to maintain (typically from UNIX) multiple parallel
> incarnations/encryptions of the password (e.g. UNIX, Lanman and NT) of a
> single logical password?  Probably something like:
>    other   password required       /path/to/
>    other   password required       /path/to/pam_<blah_samba_blah>.so
> (hoping that both work or both fail!).

The pam password mechanism is actually quite powerful. I have
implemented password changing functionality in the winbind nss
module but it is currently hardcoded for interactive use but
works as a proof of concept.


More information about the samba-technical mailing list