[PATCH] enhancing lp_obey_pam_restrictions()

simo idra at samba.org
Fri Dec 1 15:01:54 GMT 2006


On Fri, 2006-12-01 at 09:04 +0100, Volker Lendecke wrote:
> On Thu, Nov 30, 2006 at 03:49:40PM -0500, simo wrote:
> > While testing the lp_obey_pam_restrictions() option I found out that the
> > account stack is no tested in the security = server,domain,ads but we
> > always call the session stack (because it is embedded in
> > register_vuid->session_claim).
> > 
> > I think it make sense to let the admin use their own pam modules for
> > account control and make obey pam restriction effectively obey them if
> > present.
> > 
> > Attached there is a patch that should cover all authentication paths for
> > smbd where it is meaningful to call the pam account stack.
> > 
> > Comments?
> > Unless there are objections I will proceed and commit the patch in the
> > next days.
> 
> Looks good. Although I would prefer that you seperate out
> the "other" fixes like memleak ones into a separate checkin.

Ok I'll fix the memleaks first and then commit the rest, thanks for
reviewing.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list