W2K Domain Login Problem with 2.2.0

Gerald Carter gcarter at valinux.com
Mon Apr 23 14:06:44 GMT 2001

Jeremy Allison wrote:
> Ok - I've been playing with this a bit and I'm coming
> to the conclusion we should compile Linux Samba with
> pam turned *OFF* by default, and let those admins
> who want it recompile with the --with-pam option for
> a PDC.


> Now either we *always* control the pam.d/samba file that is
> used on install, or we skip this whole ugly mess and ship
> with PAM *off* by default, and let those admins who want
> it turn it on....
> What concerns me is shipping an rpm on Linux that *works*, out
> of the box for approx. 100% of our users. If adding pam by
> default takes that figure down to 99% then it's *NOT* worth
> the support hassles.
> It has to be *bulletproof*. I'm not sure it is right now
> due to the disparity in PAM modules/implementations on Linux
> and Solaris boxes.
> Thoughts anyone ?

I 100% agree.  Also, we provided no documentation 
on the change in semantics, so admins did not know 
to expect different behavior.  I like PAM in some things,
I'm just a little reserved about it in Samba.  (I know
I'll get flamed for that later).

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list