Removal of plaintext krb5 support.

Mike Gerdts Michael.Gerdts at
Thu Nov 15 12:26:05 GMT 2001

On Thu, 2001-11-15 at 14:42, Green, Paul wrote:
> I maintain the port of Samba for the Stratus VOS system, which is a
> POSIX-but-not-Unix operating system. I can port and run a whole lot of open
> source / free software that is POSIX-1996 compliant and that follows the GNU
> autoconf/configure model (I even run the native configure script these
> days).  But we currently have nothing like PAM support and no plans to add
> it.  We don't have dynamic link libraries or dynamically loadable code,
> either.  (None of these things are in POSIX-1996).  Having Samba require PAM
> support would create a real headache for me.  Please don't assume that we
> are all running Unix systems.
> I do agree with your point about autoconf. I think it is truly marvelous.

FWIW, the build environment for Linux-PAM provides a mechanism for
building PAM staticly.  I have never built it that way, so I cannot
vouch for how well it works.  I do, however, now have a better
understanding of why one would want to do this.  

If Samba had and maintained something like --with-pam-static and
--with-pam-static-modules=krb5,krb4,mylocalcustomhack then Samba could
take advantage of PAM without the need for dynamically loaded modules. 
So long as you are happy with plaintext passwords, it also gives you an
easy way to add custom authentication mechanisms without having to learn
the (what I assume to be) twisted maze of Samba authentication.  PAM
modules are quite easy to write.


More information about the samba-technical mailing list