Removal of plaintext krb5 support.

Green, Paul Paul.Green at
Sat Nov 17 11:43:02 GMT 2001

We just released Samba for VOS two months ago, and to run it you must be
running the most recent version of VOS (14.4.1), which was released at the
same time.  Since most of our customers only upgrade operating systems once
per year, or less, it is going to take some time to ramp up its use.
Nonetheless, we do have several customers who already have purchased it, and
many who have said their will put it up within 12-24 months. (This must
sound like forever to most of you, but our servers run mission-critical
applications and that is the planning horizon our customers use).

I think that most of our customers will be attaching to Samba via Windows NT
or Windows 2000.  I have no idea how many will force their systems into
plain text passwords mode...we run Samba in-house in security=domain mode,
and I'm pretty sure we use encrypted passwords on the wire.

Actually, I doubt we will have much demand for supporting

How does the plaintext issue interact with the PAM issue?  I think I'm
lacking some piece of information here. I thought the purpose of PAM was to
hide the details of the authentication algorithm(s)...

Paul Green, Senior Technical Consultant, Stratus Computer, Inc.
Voice: +1 978-461-7557; FAX: +1 978-461-3610; Video on request.

-----Original Message-----
From: Mayers, Philip J [mailto:p.mayers at]
Sent: Saturday, November 17, 2001 2:01 PM
To: 'Green, Paul '; ''samba-technical at' '
Cc: ''lukeh at' '
Subject: RE: Removal of plaintext krb5 support.

PAM and it's modules can be compiled statically, IIRC.

Out of interest, are there many users of plaintext passwords and Samba on


-----Original Message-----
From: Green, Paul
To: 'samba-technical at'
Cc: 'lukeh at'
Sent: 15/11/2001 19:42
Subject: Re: Removal of plaintext krb5 support.

Luke Howard <lukeh at PADL.COM> wrote, on Tue, 13 Nov 2001 12:33:55 +1100

> >Keeping in mind, as A.B. pointed out, that not all of the supported 
> >platforms can run PAM.
> >
> >What work-around exists for non-PAM systems?
> You can always compile Linux-PAM on those systems. Granted, that's
> not as easy as it sounds, but certainly it's easier than it used
> to be now that autoconf is supported.

I maintain the port of Samba for the Stratus VOS system, which is a
POSIX-but-not-Unix operating system. I can port and run a whole lot of
source / free software that is POSIX-1996 compliant and that follows the
autoconf/configure model (I even run the native configure script these
days).  But we currently have nothing like PAM support and no plans to
it.  We don't have dynamic link libraries or dynamically loadable code,
either.  (None of these things are in POSIX-1996).  Having Samba require
support would create a real headache for me.  Please don't assume that
are all running Unix systems.

I do agree with your point about autoconf. I think it is truly

Paul Green, Senior Technical Consultant, Stratus Technologies.
Voice: +1 978-461-7557; FAX: +1 978-461-3610; Video on request.

More information about the samba-technical mailing list