[PATCH] Remove pam_smbpass module from Samba source code

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Jan 23 04:38:07 MST 2015

On Fri, Jan 23, 2015 at 10:48:27PM +1300, Andrew Bartlett wrote:
> On Thu, 2015-01-22 at 20:37 +0100, Andreas Schneider wrote:
> > Hello,
> > 
> > as the pam_smbpass module is unmaintained and bit rots. As Volker also 
> > suggested, we remove it completely from the Samba source code.
> > 
> > 
> > The same can be achieved using pam_winbind.
> > 
> > 
> > If there is a reason why this can't be removed, please speak up!
> The biggest thing this module does that pam_winbind doesn't do is the
> 'migrate' option, which allows the samba password to be automatically
> kept in sync.  We also need to be sure you can configure pam_winbind to
> match exactly the pam_smbpass behaviour. 

Is that really used a lot? I'd say that you can fulfill most
requirements with just the smbpasswd values being the
only password source. But of course, if there's really high
demand we can add this as a special mode or even a tiny pam
module on its own to the winbind scenario.

> Finally, the thing pam_smbpass gives us is that it can run without
> having a daemon running. 

For people who can't afford to run winbind at all, we could
in theory add a "winbind on demand" mode that forks winbind
when necessary. The gamin FAM library does something in that
direction. I'd call this much better than linking in passdb
and all its dependencies.


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list