Samba and PAM
Eric Reischer
emr at engr.de.psu.edu
Fri Mar 30 23:09:30 GMT 2001
>PAM has nothing to do with permissions or RID mapping. Samba will use PAM
>for authentication when possible, which is only if you have configured it
>not to use encrypted passwords. If you have encrypted passwords turned on
>then Samba doesn't have access to the plaintext of the password and so it
>can't pass the password on to the PAM module.
That did it. It's going to my PAM kerberos module now. But thus brings up
another issue: Since I'm authenticating via PAM, the users that will be
accessing the system are not in the /etc/passwd file. Now since there will
be over 1,500 people accessing this system, I don't want to have to
maintain a huge passwd file. The problem is, it appears as though before
it tries to authenticate via PAM, something in pass_check.c tries to
resolve the given username to a UID using /etc/passwd. I can confirm this
because I added a test account to /etc/passwd, except with a different
password from my kerberos account, and it authenticated successfully (when
I entered in my kerberos password at the prompt). It seems that if I have
the `force user` directive set, it should never need to look up the user's
UID in the first place. I could probably modify the code myself to replace
all UID calls with a single variable, which I can set to whatever UID I
want, but I was wondering if there was already a way to do that, and I'm
just not finding it.
Eric
More information about the samba-technical
mailing list