PAM & Samba [ was Re: TODO list...]

Gerald Carter gcarter at valinux.com
Mon Oct 2 14:58:36 GMT 2000


Steve Langasek wrote:
> 
> Is there any reason why Samba could not fully support 
> PAM authorization and session management functions 
> (which typically don't handle passwords at all)?
> Currently, the PAM support in Samba does call 
> pam_acct_mgmt() to verify authorization; does it do 
> this only when PAM in used for authentication as
> well?  Would pam_open_session() and pam_close_session() 
> fit in Samba, given that many authenticated Samba 
> "sessions" last only seconds (or less)?  If 
> implemented, perhaps this should follow the lead 
> of the experimental utmp support.

I don't think there is any reason why not.  The debate
here is whether or not to settle on PAM which 
as a sole authentication/authorization agent.  

> PAM's authentication API as it stands now is not a 
> good fit for what Samba does.  Many people seem interested 
> in enhancing PAM to allow it to work with Samba's 
> encrypted password mode, but it would be premature to 
> try incorporating this into Samba.

Thanks for the update.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )




More information about the samba-technical mailing list