PAM & Samba [ was Re: TODO list...]
Gerald Carter
gcarter at valinux.com
Mon Oct 2 14:58:36 GMT 2000
Steve Langasek wrote:
>
> Is there any reason why Samba could not fully support
> PAM authorization and session management functions
> (which typically don't handle passwords at all)?
> Currently, the PAM support in Samba does call
> pam_acct_mgmt() to verify authorization; does it do
> this only when PAM in used for authentication as
> well? Would pam_open_session() and pam_close_session()
> fit in Samba, given that many authenticated Samba
> "sessions" last only seconds (or less)? If
> implemented, perhaps this should follow the lead
> of the experimental utmp support.
I don't think there is any reason why not. The debate
here is whether or not to settle on PAM which
as a sole authentication/authorization agent.
> PAM's authentication API as it stands now is not a
> good fit for what Samba does. Many people seem interested
> in enhancing PAM to allow it to work with Samba's
> encrypted password mode, but it would be premature to
> try incorporating this into Samba.
Thanks for the update.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list