[PATCH] Remove pam_smbpass module from Samba source code
abartlet at samba.org
Fri Jan 23 02:48:27 MST 2015
On Thu, 2015-01-22 at 20:37 +0100, Andreas Schneider wrote:
> as the pam_smbpass module is unmaintained and bit rots. As Volker also
> suggested, we remove it completely from the Samba source code.
> The same can be achieved using pam_winbind.
> If there is a reason why this can't be removed, please speak up!
The biggest thing this module does that pam_winbind doesn't do is the
'migrate' option, which allows the samba password to be automatically
kept in sync. We also need to be sure you can configure pam_winbind to
match exactly the pam_smbpass behaviour.
Finally, the thing pam_smbpass gives us is that it can run without
having a daemon running.
I do realise that loading Samba into another process is a big problem, I
just wanted to give another perspective.
I'm also a little horrified that most installations of Samba 4.0 on
debian/Ubuntu seem to be installing pam_smbpass (we notice because it
for the longest time printed a talloc_stackframe warning due to
loadparm, which folks noticed). That may be my fault - I may have
mucked things up when I did the Debian package work - but what I wanted
to say is that pam_smbpass should be installed by folks who specifically
need it, not everyone by default.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical