[PATCH] Remove pam_smbpass module from Samba source code

TAKAHASHI Motonobu/高橋 基信 monyo at monyo.com
Sat Jan 24 05:48:20 MST 2015


> From: Volker Lendecke <Volker.Lendecke at SerNet.DE>
> Date: Fri, 23 Jan 2015 12:38:07 +0100
> On Fri, Jan 23, 2015 at 10:48:27PM +1300, Andrew Bartlett wrote:
>> On Thu, 2015-01-22 at 20:37 +0100, Andreas Schneider wrote:
>> > 
>> > as the pam_smbpass module is unmaintained and bit rots. As Volker also 
>> > suggested, we remove it completely from the Samba source code.
>> > 
>> > The same can be achieved using pam_winbind.
>> > 
>> > If there is a reason why this can't be removed, please speak up!
>> The biggest thing this module does that pam_winbind doesn't do is the
>> 'migrate' option, which allows the samba password to be automatically
>> kept in sync.  We also need to be sure you can configure pam_winbind to
>> match exactly the pam_smbpass behaviour. 
> Is that really used a lot? I'd say that you can fulfill most
> requirements with just the smbpasswd values being the
> only password source. But of course, if there's really high
> demand we can add this as a special mode or even a tiny pam
> module on its own to the winbind scenario.
>> Finally, the thing pam_smbpass gives us is that it can run without
>> having a daemon running. 
> For people who can't afford to run winbind at all, we could
> in theory add a "winbind on demand" mode that forks winbind
> when necessary. The gamin FAM library does something in that
> direction. I'd call this much better than linking in passdb
> and all its dependencies.
> Volker

I think 'migrate' option is not used a lot. On some distro, this 
option is set by default and makes troubles.

But on standalone boxes, pam_smbpass is still used to sync UNIX
password to Samba. This works fine so we do not need any change to
this module, I think.

Currently, there are no altinatives, so pam_smbpass is still

TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo 

More information about the samba-technical mailing list