[PATCH] Remove pam_smbpass module from Samba source code
TAKAHASHI Motonobu/高橋 基信
monyo at monyo.com
Sat Jan 24 05:48:20 MST 2015
> From: Volker Lendecke <Volker.Lendecke at SerNet.DE>
> Date: Fri, 23 Jan 2015 12:38:07 +0100
> On Fri, Jan 23, 2015 at 10:48:27PM +1300, Andrew Bartlett wrote:
>> On Thu, 2015-01-22 at 20:37 +0100, Andreas Schneider wrote:
>> > as the pam_smbpass module is unmaintained and bit rots. As Volker also
>> > suggested, we remove it completely from the Samba source code.
>> > The same can be achieved using pam_winbind.
>> > If there is a reason why this can't be removed, please speak up!
>> The biggest thing this module does that pam_winbind doesn't do is the
>> 'migrate' option, which allows the samba password to be automatically
>> kept in sync. We also need to be sure you can configure pam_winbind to
>> match exactly the pam_smbpass behaviour.
> Is that really used a lot? I'd say that you can fulfill most
> requirements with just the smbpasswd values being the
> only password source. But of course, if there's really high
> demand we can add this as a special mode or even a tiny pam
> module on its own to the winbind scenario.
>> Finally, the thing pam_smbpass gives us is that it can run without
>> having a daemon running.
> For people who can't afford to run winbind at all, we could
> in theory add a "winbind on demand" mode that forks winbind
> when necessary. The gamin FAM library does something in that
> direction. I'd call this much better than linking in passdb
> and all its dependencies.
I think the 'migrate' option is not used a lot. On some distros, this
option is set by default and causes trouble.
But on standalone boxes, pam_smbpass is still used to sync the UNIX
password to Samba. This works fine so we do not need any change to
this module, I think.
Currently, there are no alternatives, so pam_smbpass is still
TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo