Building a custom auth back-end.
Andrew Bartlett
abartlet at samba.org
Thu Jan 9 21:55:01 GMT 2003
On Fri, 2003-01-10 at 08:41, Christopher R. Hertel wrote:
> Abartlet, et. al.,
>
> I've been asked to check on something. I haven't been working with this
> aspect of the authentication code in Samba so I need a little guidance.
>
> Question: How hard is it, if we're *not* using PAM, to build a custom
> authentication back-end for Samba?
Not too hard, for Samba 3.0
> The reason that we (the University, where I work) are not using PAM is
> that there are a lot of servers out there on all sorts of platforms.
> Some use PAM, some don't. A general solution would need to work without.
> The authentication database is a big central system. It can do RADIUS and
> LDAP and a few other schemes, but RADIUS is preferred. It already stores
> NTLMv1 hashes.
>
> To give you an idea of scale (and why this is an interesting project), the
> central database has on the order of 130,000 user entries. We're a big
> shop, in some ways, a lot of little shops in others.
>
> Anyway, the goal is to let Windows users connect to Samba servers,
> authenticating against the central database. I think it should be easy to
> do, if we have the hooks to do it. I think I remember someone saying we
> have such hooks. As you know, my head has been burried in my book so I'm
> a little lost with regard to such things.
You really should just use the 'normal' pdb_ldap stuff, unless you have
a *really* good reason not to. Because there is much more involved than
just getting the auth - we need the user in the SAM anyway.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030109/861b5e08/attachment.bin
More information about the samba-technical
mailing list