Samba and PAM

Matthew Geddes mgeddes at
Sun Apr 1 23:56:45 GMT 2001

Martin Sheppard wrote:

> >I believe Samba only uses PAM for the Unix account side of things (ie,
> >not authentication, but permissions and RID mapping). Unless you have
> >configured Samba and all of your Windows machines to not encrypt
> >passwords. All of this is explained in detail in a text file in the
> >Samba documentation, I believe.
> PAM has nothing to do with permissions or RID mapping.

Each samba user is required to have a unix account on the box in
question. Usually, this is the passwd file, but if I enable --with-pam,
I can then have the same data in an LDAP directory instead (for
example). Given that all of this is happening on machines with encrypted
passwords, why would that be necessary? I was under the impression that
Samba uses this stuff for file system permissions.

> Samba will use PAM
> for authentication when possible, which is only if you have configured it
> not to use encrypted passwords. If you have encrypted passwords turned on
> then Samba doesn't have access to the plaintext of the password and so it
> can't pass the password on to the PAM module.



More information about the samba-technical mailing list