samba and pam

Netexpress Overseas Extension Services vorlon at
Thu Apr 2 02:34:22 GMT 1998

Since I now have something which at least pretends to work, I suppose an
announcement is in order.

Those among you who track samba development are probably aware that samba
1.9.18p4 includes support for synchronising a unix database when changing
an SMB password.  I'm currently working on a PAM module which will provide
similar functionality for all applications compiled with PAM support:
pam_smbpass.  This authentication/password module uses local function
calls to query and/or update a samba-style SMB password file, and is
readily stackable. pam_smbpass provides similar functionality as would be
achieved via the smb_crypt module by Tom Ryan and smbd's new remote
password-changing routines, but offers the additional advantage of being
able to remove the authentication/encryption routines from the samba suite
itself in favor of the more flexible PAM interface.

Although this module is capable of serving as an authentication module, it
comes with a caveat:  the present implementation will only handle as valid
input plaintext passwords. Consequently, it combines the disadvantages of
traditional unix models (plaintext passwords on the network) with those of
the NT password model (plaintext passwords on the hard drive).  In the
near future, I intend to revise the module to support authentication via
hashed passwords.

In the meantime, I welcome anyone who's interested to kick pam_smbpass
around.  It's available for download from in either tar.gz or RedHat rpm format.
Kick it around, let me know if you find any bugs..  It's so far withstood
everything I've thrown at it, but there's nothing like putting it on the
open network to turn up coding errors. :)

                         -Steve Langasek
                          vorlon at / vorlon at

More information about the samba mailing list