PAM & Samba [was Re: TODO list....]

Michael Tokarev mjt at
Mon Oct 2 16:27:03 GMT 2000

David Collier-Brown wrote:
>         3) During initialization, call pam_start (redundantly)
>            to get a pam handle for a known valid user,
>            and release it with pam_end if it succeeds.
>            If it does not return PAM_SUCCESS, be very
>            cautious about using it...
>         If it returns
>         PAM_SUCCESS -- try running pam, but be prepared to
>                 deal with failures.
>         PAM_OPEN_ERR -- the machine running Samba lacks the
>                 pam library, so use the normal code instead.
>         PAM_SYMBOL_ERR
>         PAM_BUF_ERR
>         PAM_CONV_ERR
>                 -- some error occurred in the setup, implying
>                 a programmer error in the call to pam: this
>                 **probbaly** means an unsuccessful port to
>                 the platform where samba's running. Report
>                 voluminously for the developers and use the
>                 normal code instead.

Why not to check if kernel is present this way also ?!
Standard c library?  Maybe enshure that there is at least
one CPU present in motherboard socket?
(once upon a time my windows machine told me something
like this: "there is no motherboard present in your
machine, system halted.").

Seriously, this is just a waste of efforts.  If one told
samba thst he wants it to use pam, it should use it.
Pam failures will be admin failures, not samba ones.  Really.
There are far too many things samba can check (see above)
to ever consider this checks.  It isn't a minimum requirement.
And even if so, that's not a samba fault.  Let's do samba's
work right and good first assuming working OS setup, and only
then look to possible OS troubles.  And I'm very close in
mind that if samba will do it's own work right, there will
be almost no problems with OS...


More information about the samba-technical mailing list