TODO list proposal for volunteers

David Lee T.D.Lee at durham.ac.uk
Fri Sep 29 16:57:43 GMT 2000


On Fri, 29 Sep 2000, Christopher R. Hertel wrote:

> > I also think PAM is a must to support as it permits more freedom to
> > choose the authentication system, but as NT Passwords are hashed and not
> > sent in clear/text it is not so useful as it could be.
> 
> Not all systems that support Samba can support PAM.  There are lots of
> other important authentication mechanisms as well, including RADIUS and
> Kerberos.  Where possible, consider an abstraction layer that doesn't 
> rely on a specific underlying mechanism.

Indeed.  My point was simply that Samba should take advantage of, and work
with, PAM, where it is available (and where the context is appropriate). 

For instance, one could envisage a user having one logical password: they
could maintain it on UNIX with the standard "passwd" command, and PAM could
store it twice:

1. in the local standard UNIX way (historically 13-char crypt, but
   latterly LDAP, Kerberos etc.) for typical UNIX activity;
2. a pam_smb module storing it in a smbpasswd file (NT/Lanman crypt etc.)
   for Samba authentication.

One logical password, multiple incarnations of it, one coordinated
maintenance mechanism.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :




