PAM & Samba [was Re: TODO list....]
David Collier-Brown
David.Collier-Brown at canada.sun.com
Mon Oct 2 17:16:44 GMT 2000
A possible code snippet for pass_check.c: note that I'm not
using pam myself and haven't checked this for typos.
static BOOL pam_auth(char *user,char *password)
{
pam_handle_t *pamh;
int pam_error;
/* Now use PAM to do authentication. For now, we won't worry about
* session logging, only authentication. Bail out if there are any
* errors. Since this is a limited protocol, and an even more
limited
* function within a server speaking this protocol, we can't be as
* verbose as would otherwise make sense.
* Query: should we be using PAM_SILENT to shut PAM up?
*/
#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
DEBUG(0,("pam_start returned %s\n", \
pam_strerror(NULL,pam_error))); \
pam_end(pamh, 0); \
return False; \
}
PAM_password = password;
PAM_username = user;
switch(pam_error = pam_start("samba", user, &PAM_conversation,
&pamh)) {
case PAM_SUCCESS:
break;
case PAM_OPEN_ERR:
DEBUG(0,("could not open the PAM shared library, this machine "
"may not support Pluggable Authentication Modules."));
default:
DEBUG(0,("pam_start returned %s\n", pam_strerror(NULL,pam_error)));
(void) pam_end(pamh, 0);
return False;
}
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list