PAM & Samba [ was Re: TODO list...]

Gerald Carter gcarter at
Mon Oct 2 14:58:36 GMT 2000

Steve Langasek wrote:
> Is there any reason why Samba could not fully support 
> PAM authorization and session management functions 
> (which typically don't handle passwords at all)?
> Currently, the PAM support in Samba does call 
> pam_acct_mgmt() to verify authorization; does it do 
> this only when PAM in used for authentication as
> well?  Would pam_open_session() and pam_close_session() 
> fit in Samba, given that many authenticated Samba 
> "sessions" last only seconds (or less)?  If 
> implemented, perhaps this should follow the lead 
> of the experimental utmp support.

I don't think there is any reason why not.  The debate
here is whether or not to settle on PAM which 
as a sole authentication/authorization agent.  

> PAM's authentication API as it stands now is not a 
> good fit for what Samba does.  Many people seem interested 
> in enhancing PAM to allow it to work with Samba's 
> encrypted password mode, but it would be premature to 
> try incorporating this into Samba.

Thanks for the update.

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/  VA Linux Systems    gcarter at       SAMBA Team           jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list