W2K Domain Login Problem with 2.2.0
Steve Langasek
vorlon at netexpress.net
Mon Apr 23 16:34:09 GMT 2001
On Tue, 24 Apr 2001, Andrew Bartlett wrote:
> Gerald Carter wrote:
> >
> > Andrew Bartlett wrote:
> > >
> > > That's it as it stands anyway, but admins LIKE pam,
> > > because all applications use the same criteria deciding
> > > on a users validity - without PAM, my uni's IT department
> > > couldn't allow logins into its SSH server - because
> > > ssh.com doesn't support PAM. OpenSSH however supported
> > > pam and allows users to authenticate against LDAP.
> > > PAM is worth the effort - it really is.
> >
> > Some admins like PAM. Some just like it some of the time.
> > :-)
> >
> > >
> > > OK, so we have found our problem. Its misconfigred
> > > systems - users who are not using our supplied PAM config.
> >
> > I'm no RPM expert, but isn't this our fault?
> >
> > %attr(-,root,root) %config(noreplace) /etc/pam.d/samba
>
> Nope, becouse the install script stomped all over /etc/pam.d/samba
> anyway. That makes the spec file broken, but not broken in this
> respect.
Either way, the PAM code now places additional requirements on the contents of
/etc/pam.d/samba in some cases, and we have no way of proactively notifying
the admin of this. An admin who chooses to keep a previously recommended PAM
config may find that it no longer works in conjunction with certain Samba
configurations. This is less than ideal.
Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list