[PATCH] Remove pam_smbpass module from Samba source code
Jeremy Allison
jra at samba.org
Sun Oct 11 02:49:50 UTC 2015
On Sat, Oct 10, 2015 at 08:49:36AM +1300, Andrew Bartlett wrote:
> On Fri, 2015-10-02 at 10:41 +0200, Andreas Schneider wrote:
> > On Thursday 01 October 2015 21:41:53 Jelmer Vernooij wrote:
> > > On Thu, Jan 22, 2015 at 08:37:39PM +0100, Andreas Schneider wrote:
> > > > Hello,
> > > >
> > > > as the pam_smbpass module is unmaintained and bit rots. As Volker also
> > > > suggested, we remove it completely from the Samba source code.
> > > >
> > > >
> > > > The same can be achieved using pam_winbind.
> > > >
> > > >
> > > > If there is a reason why this can't be removed, please speak up!
> > >
> > > Are there still plans to remove pam-smbpass? The source code has a warning
> > > saying it will be removed in Samba 4.3. However, the source for 4.3 still
> > > has pam-smbpass in it.
> > >
> > > Jelmer
> >
> >
> > We did not announce it in the WHATSNEW.txt in Samba 4.3 afair ...
>
> Yeah, we mucked that bit up. I guess we should put that in the next
> 4.3 WHATSNEW.txt
>
> I was a bit ambivalent about it, but after hitting
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799840
> I'm now officially grumpy :-)
>
> Unmaintained security-sensitive software doesn't have a place in Samba.
> We have enough of that kind of code that we have no choice but to
> maintain.
>
> I like the theory of local login using the local smbpasswd file, so we
> don't just rely on dodgy sync schemes (and if the passwords are in
> sync, then the computational security of the shadow hash is pointless
> anyway), but it never caught on. (Except by total accident in Debian,
> and I still don't know what I did to make it end up on by default).
>
> Attached is the patch to remove it from master. While almost certainly
> unnoticed, the pam_smbpass readme does disclaim this module for Samba
> 4.3.
LGTM - pushed !