W2K Domain Login Problem with 2.2.0

Jeremy Allison jeremy at valinux.com
Mon Apr 23 15:28:05 GMT 2001

On Mon, Apr 23, 2001 at 06:10:48PM +1000, Andrew Bartlett wrote:
> Its called pam_permit, and its already a config option.  Simply set the
> lines in your /etc/pam.d/samba or /etc/pam.conf to use pam_permit.so as
> the module, and pam is instantly disabled.  (Don't do this for
> authentications though - as this will open your server wide open).
> It should be safe for the rest, as that basicly what we do when we don't
> compile with pam, account and sesion checks just dissapear.

No, this is not acceptible, as it is not an option under
Samba control.

The problem is people don't even know they're using pam
or why it's broken in samba, as is evidenced by some of
the bug reports we're getting.

The safest default is ship with pam *OFF*, then allow
admins who want it to turn it on. Simo is right, a smb.conf
option is the best solution here.


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list