[PATCH] Remove pam_smbpass module from Samba source code

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jan 29 13:42:09 MST 2015


On Thu, Jan 29, 2015 at 08:20:59AM -0500, Michael DePaulo wrote:
> On Thu, Jan 29, 2015 at 2:21 AM, Volker Lendecke
> <Volker.Lendecke at sernet.de> wrote:
> > On Wed, Jan 28, 2015 at 09:03:47PM -0500, Michael DePaulo wrote:
> >> We also need it for this reason. See "Password Synchronization Configuration":
> >> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html
> >
> > What is your exact requirement here? What service depends on
> > literally looking at /etc/shadow and can't go through PAM?
> 
> I am not sure what you are asking. We are using PAM, but we use
> pam_smbpass for "password", not for "auth".
> 
> We have an externally-imposed requirement that authentication through
> the display manager, sshd, etc must use /etc/shadow through PAM. We

Hmm. I thought the whole point of PAM is to abstract away
access to /etc/shadow and possibly redirect this to other
auth sources like an LDAP server and/or our smbpasswd file.

Where does your externally-imposed come from? Is that a
legal requirement? I don't see any technical reason.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


More information about the samba-technical mailing list