[PATCH] Remove pam_smbpass module from Samba source code
abartlet at samba.org
Sun Jan 25 23:32:23 MST 2015
On Sun, 2015-01-25 at 11:23 -0500, Simo wrote:
> On Sun, 2015-01-25 at 11:17 +0100, Volker Lendecke wrote:
> > On Sun, Jan 25, 2015 at 06:18:25PM +1300, Andrew Bartlett wrote:
> > > Indeed. In an ideal, theoretical sense, having both a unix and a Samba
> > > password brings no advantages, and plenty of disadvantages. I certainly
> > > wish that we had, years ago, set a standard that if you used the Samba
> > > password for local PAM logins, that we only used Samba passwords.
> > >
> > > Sadly, it is used in the default debian config of pam_smbpass (again,
> > > this may not be ideal).
> > Even if debian has it enabled by default, what are the real requirements
> > that debian has that can not be fulfilled with just smb passwords in
> > the PAM stack?
> > I'd still vote to remove this and thus also remove the migrate feature. If
> > the debian community comes up with a compelling case then we might
> > reconsider to code something up that helps their specific needs.
> This module is nothing short of awful on so many levels.
> I think the Samba Team should drop it. If there are people really
> depending on this feature they can pick it up and maintain a fork on
> their own.
> My guess is that the few that use it do so only because it is available
> from the Samba Tam and would drop it otherwise.
I agree that the vast majority of users pick it up because of the
packaging defaults. I've looked on Debian testing and in the online
info for Ubuntu, but I can't see the reason from a packaging
perspective, so perhaps it's historical or has changed.
If we do decide to get rid of it, I'll try and keep it out of the next
Debian, to avoid the situation we had with the pre-release samba AD DC
ending up in stable.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical