W2K Domain Login Problem with 2.2.0

[Andrew Bartlett]

PeRcY YuEn wrote:
> 
> Steve and Andrew,
> 
>   Thanks for your PAM patch. it works perfectly now. I have two notes
> however.
> 
>   First, in Solaris 2.6, PAM_AUTHTOK_RECOVER_ERR is
> PAM_AUTHTOK_RECOVERY_ERR. I don't know about other system's PAM interface.
> But at least we have a speical case here.

Same on the PAM web pages, but it wouln't compile until I changed it...

> 
>   The next thing is that I noticed Andrew have added PAM password change
> in the patch. Because I am running Samba in a NIS+ slave and I have
> already developed custom external programs to do the password changing. So
> I need an easy way to disable PAM password changing (but still keeping PAM
> authentication) so that I can still use the password chat. I propose to
> modify the parsing of the configuration parameter "passwd program" so that
> when it is = PAM, we use pam for password changing, otherwise, use the
> given command. Any idea?
> 

The infinatly configurable samba.  It should be pretty ovbious were to
put the if statement (chgpasswd.c).  However, we should make PAM the
default, as I think its a sesible default for most installations.  (Unix
password sync being off by default).

Andrew Bartlett
abartlet at pcug.org.au

> On Mon, 23 Apr 2001, Steve Langasek wrote:
> 
> > Percy,
> >
> > Here's a quick implementation of pam_permit:
> > ----------------------
> > ----------------------
> >
> > save the above code as pam_permit.c, and compile it with the command
> > 'cc -Kpic -o pam_permit.o -c pam_permit.c && cc -G -o pam_permit.so.1 pam_permit.o'
> > (which I'm told is the correct command on Solaris).
> >
> > That should give you a pam_permit.so.1 that you can use in the 'account'
> > section of Samba's PAM config.
> >
> > If it doesn't work... hopefully I'll have a fix for Samba that /does/ work by
> > the time you know that it doesn't work.
> >
> > Steve Langasek
> > postmodern programmer
> >

-- 
Andrew Bartlett
abartlet at pcug.org.au