Samba as a member of an NT domain - questions

[Stephen Langasek]

On Sat, 5 Jun 1999 sarnold at coyote.rain.org wrote:

> [snip]
> > The solution I thought of was installing PAM_NTdom, to let linux
> > authenticate users via and PDC as wel. That way all of my users
> > are registered on the PDC. Whenever someone goes to the Linux
> > machine (either through samba, or direct) the machine asks the
> > PDC. But it didn't work, because I think that SuSE does not
> > support PAM modules? Does anyone know if that is correct? Or can
> > I install that?

> PAM should already be installed on *any* linux distribution (it's 
> standard on linux and solaris).  I've never heard of PAM_NTdom, but 
> you can find PAM docs on the Sun support site, as well as in your 
> linux /usr/doc tree.

This is by no means the case.  PAM is originally the work of Sun
Microsystems, and there is an XSSO spec; it was only a couple of years ago
that RedHat became the first Linux distro to support it by means of the
Linux-PAM package.  Since then, several other distros have moved toward
accepting it, but I don't know that any of them recommend, let alone
enforce, the use of PAM on their systems.

The way to see if you have PAM on your Linux system is to simply run
'/sbin/ldconfig -p|grep pam'... if you see libpam, it's there, if not, it
isn't.  If it isn't there, you can install it, but you would also have to
recompile all the applications you want to make use of it.  If this is
really a feature you require, in the short term I'm afraid switching to
RedHat would probably be an easier solution than trying to graft PAM on to a
distro that doesn't support it.

-Steve Langasek
postmodern programmer