[PATCH] Remove pam_smbpass module from Samba source code

Andrew Bartlett abartlet at samba.org
Fri Oct 9 19:49:36 UTC 2015


On Fri, 2015-10-02 at 10:41 +0200, Andreas Schneider wrote:
> On Thursday 01 October 2015 21:41:53 Jelmer Vernooij wrote:
> > On Thu, Jan 22, 2015 at 08:37:39PM +0100, Andreas Schneider wrote:
> > > Hello,
> > > 
> > > as the pam_smbpass module is unmaintained and bit rots. As Volker
> > > also
> > > suggested, we remove it completely from the Samba source code.
> > > 
> > > 
> > > The same can be achieved using pam_winbind.
> > > 
> > > 
> > > If there is a reason why this can't be removed, please speak up!
> > 
> > Are there still plans to remove pam-smbpass? The source code has a
> > warning
> > saying it will be removed in Samba 4.3. However, the source for 4.3
> > still
> > > has pam-smbpass in it.
> > 
> > Jelmer
> 
> 
> We did not announce it in the WHATSNEW.txt in Samba 4.3 afair ...

Yeah, we mucked that bit up.  I guess we should put that in the next
4.3 WHATSNEW.txt.

I was a bit ambivalent about it, but after hitting
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799840 
I'm now officially grumpy :-)

Unmaintained security-sensitive software doesn't have a place in Samba.
We have enough of that kind of code that we have no choice but to
maintain.  

I like the theory of local login using the local smbpasswd file, so we
don't just rely on dodgy sync schemes (and if the passwords are in
sync, then the computational security of the shadow hash is pointless
anyway), but it never caught on.  (Except by total accident in Debian,
and I still don't know what I did to make it end up on by default).

Attached is the patch to remove it from master.  While almost certainly
unnoticed, the pam_smbpass readme does disclaim this module for Samba
4.3.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-pam_smbpass-REMOVE-this-PAM-module.patch
Type: text/x-patch
Size: 65846 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151010/c4a92633/0001-pam_smbpass-REMOVE-this-PAM-module.bin>

