[PATCH] Remove pam_smbpass module from Samba source code

Michael DePaulo mikedep333 at gmail.com
Thu Jan 29 06:20:59 MST 2015

On Thu, Jan 29, 2015 at 2:21 AM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Wed, Jan 28, 2015 at 09:03:47PM -0500, Michael DePaulo wrote:
>> We also need it for this reason. See "Password Synchronization Configuration":
>> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html
> What is your exact requirement here? What service depends on
> literally looking at /etc/shadow and can't go through PAM?

I am not sure what you are asking. We are using PAM, but we use
pam_smbpass for "password", not for "auth".

We have an externally-imposed requirement that authentication through
the display manager, sshd, etc must use /etc/shadow through PAM. We
also need smbd to authenticate users with the same usernames and
passwords. So the only solution we could identify was to put SAMBA in
"security = users" mode, and keep smbpasswd in sync with /etc/shadow
when a user changes their password through PAM.

More information about the samba-technical mailing list