PASSDB: local and domain accounts
Tim Potter
tpot at linuxcare.com.au
Thu Nov 16 23:57:58 GMT 2000
David Lee writes:
> I'll immediately confess that I haven't been following all the detail,
> and that I'm unfamiliar with much of the detail.
>
> But can I just check a few points? The perspective is "can it accomodate
> our current working and its possible evolution?" Any evolution will
> _have_ to be gentle. (Saying "you shouldn't start from here" isn't an
> option!)
>
> Does the phrase "/etc/passwd" include, say, NIS and/or perhaps other
> technologies, as directed by PAM?
Usually not. Most Unixen come with nis and nisplus nss modules
which can be placed in the appropriate position of the passwd and
group configuration in nsswitch.conf
> Will we be able to use PAM's password maintenance function (currently just
> "pam_unix.so") to maintain (typically from UNIX) multiple parallel
> incarnations/encryptions of the password (e.g. UNIX, Lanman and NT) of a
> single logical password? Probably something like:
> other password required /path/to/pam_unix.so
> other password required /path/to/pam_<blah_samba_blah>.so
> (hoping that both work or both fail!).
The pam password mechanism is actually quite powerful. I have
implemented password changing functionality in the winbind nss
module but it is currently hardcoded for interactive use but
works as a proof of concept.
Tim.
More information about the samba-technical
mailing list