W2K Domain Login Problem with 2.2.0
vorlon at netexpress.net
Mon Apr 23 16:34:09 GMT 2001
On Tue, 24 Apr 2001, Andrew Bartlett wrote:
> Gerald Carter wrote:
> > Andrew Bartlett wrote:
> > >
> > > That's it as it stands anyway, but admins LIKE pam,
> > > because all applications use the same criteria deciding
> > > on a users validity - without PAM, my uni's IT department
> > > couldn't allow logins into its SSH server - because
> > > ssh.com doesn't support PAM. OpenSSH however supported
> > > pam and allows users to authenticate against LDAP.
> > > PAM is worth the effort - it really is.
> > Some admins like PAM. Some just like it some of the time.
> > :-)
> > >
> > > OK, so we have found our problem. Its misconfigred
> > > systems - users who are not using our supplied PAM config.
> > I'm no RPM expert, but isn't this our fault?
> > %attr(-,root,root) %config(noreplace) /etc/pam.d/samba
> Nope, becouse the install script stomped all over /etc/pam.d/samba
> anyway. That makes the spec file broken, but not broken in this
Either way, the PAM code now places additional requirements on the contents of
/etc/pam.d/samba in some cases, and we have no way of proactively notifying
the admin of this. An admin who chooses to keep a previously recommended PAM
config may find that it no longer works in conjunction with certain Samba
configurations. This is less than ideal.
More information about the samba-technical