W2K Domain Login Problem with 2.2.0

PeRcY YuEn percy at py.dhs.org
Tue Apr 24 18:17:13 GMT 2001


Steve and Andrew,

  Thanks for your PAM patch. it works perfectly now. I have two notes
however.

  First, in Solaris 2.6, PAM_AUTHTOK_RECOVER_ERR is
PAM_AUTHTOK_RECOVERY_ERR. I don't know about other system's PAM interface.
But at least we have a speical case here.

  The next thing is that I noticed Andrew have added PAM password change
in the patch. Because I am running Samba in a NIS+ slave and I have
already developed custom external programs to do the password changing. So
I need an easy way to disable PAM password changing (but still keeping PAM
authentication) so that I can still use the password chat. I propose to
modify the parsing of the configuration parameter "passwd program" so that
when it is = PAM, we use pam for password changing, otherwise, use the
given command. Any idea?

  Regards,
  Percy

On Mon, 23 Apr 2001, Steve Langasek wrote:

> Percy,
>
> Here's a quick implementation of pam_permit:
> ----------------------
> ----------------------
>
> save the above code as pam_permit.c, and compile it with the command
> 'cc -Kpic -o pam_permit.o -c pam_permit.c && cc -G -o pam_permit.so.1 pam_permit.o'
> (which I'm told is the correct command on Solaris).
>
> That should give you a pam_permit.so.1 that you can use in the 'account'
> section of Samba's PAM config.
>
> If it doesn't work... hopefully I'll have a fix for Samba that /does/ work by
> the time you know that it doesn't work.
>
> Steve Langasek
> postmodern programmer
>






More information about the samba-technical mailing list