TODO list proposal for volunteers

Simo Sorce simo.sorce at
Mon Oct 2 10:40:55 GMT 2000

Gerald Carter wrote:
> Seth Vidal wrote:
> >
> > I would disagree - I'm not sure you're getting the
> > point of it. maybe you are and have other problems
> > with it. but I've not heard them here so.
> >
> > but what it sounds like to me is your are suggesting
> > rewriting what pam does in samba - which sounds like
> > duplicated and wasted effort.
> Seth.  We cannot simply pamify Samba (aside from the
> support which already exists). How do you proposed
> supporting an LDAP backend (which will act as a stepping
> stone in plugging Samba into an Win20/AD domain)?
> Someone please correct me, but unless you are using a...
> now what does pam call it....something like use_mapped_pass....
> anyways, my understanding is that  PAM requires plan text
> unless you are specifying that the plain text password be
> used to generate an encryption key for storing authentication
> tokens on disk.  The last time i checked, the Linux-PAM
> modules did not support this anyways.
> Did I miss something here?
> All we are talking about is to provide an abstraction layer
> which would essentially specify a set of callbacks that
> could be very simple wrapper functions or more complex routines
> requiring lots of stuff.  It gives us the flexibility to
> replace the backend with either a local TDB, a remote
> LDAP directory, etc...
> This is how Luke initally designed the API and still exists
> in 2.0.7 and HEAD today.
> Cheers, jerry

Totally agree with Gerald,
PAM is a really good and nice way to perform simple authentication
abstraction for unix but:
1. It does not support the authentication scheme (without cleartext
password) the M$ imposed.
2. It will not be flexible enough or completely inappropriate with LDAP
3. Samba has always supported the most operating system they can and I
think this is agood policy; breaking platform support for "marketing"
purposes is weird at least.

Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at 02 2399 2425 - 02 2399 2451
Be happy, use Linux!

More information about the samba-technical mailing list