[Samba] pam_smbpass

Bradley W. Langhorst brad at langhorst.com
Tue Aug 20 20:47:00 GMT 2002 

i'm a little too fast with the emails...

it looks like both HEAD and SAMBA_2_2 
do the null comparison instead of testing the return value.

brad
On Wed, 2002-08-21 at 01:31, Bradley W. Langhorst wrote:
> it may have been fixed in head.
> i didn't mention that this is 2.2.5pre ...
> 
> sorry
> 
> brad
> On Tue, 2002-08-20 at 20:24, abartlet at dp.samba.org wrote:
> > On Wed, Aug 21, 2002 at 01:05:48AM -0400, Bradley W. Langhorst wrote:
> > > 
> > > Okay - I've got samba working as a PDC with and ldap backend.
> > > 
> > > I want to have some users not be in ldap (like the built in stuff like
> > > cyrus, mail, lp etc)
> > > 
> > > 
> > > I can get that to work with the pam_ldap and pam_unix but pam_smbpass 
> > > doesn't seem to return user_unknown as i expect for users who are not in
> > > the ldap database 
> > > 
> > > does this make sense?
> > 
> > Yes, this patch is correct.  I was under the impression that this had been
> > fixed, but I'll fix it in HEAD...
> > 
> > > --- pam_smb_passwd.c    12 Feb 2002 15:56:19 -0000      1.1.2.8
> > > +++ pam_smb_passwd.c    20 Aug 2002 23:41:57 -0000
> > > @@ -126,9 +126,9 @@
> > > 
> > >      /* obtain user record */
> > >      pdb_init_sam(&sampass);
> > > -    pdb_getsampwnam(sampass,user);
> > > +    /*pdb_getsampwnam(sampass,user);*/
> > > 
> > > -    if (sampass == NULL) {
> > > +    if (!pdb_getsampwnam(sampass,user)) {
> > >          _log_err( LOG_ALERT, "Failed to find entry for user %s.", user
> > > );
> > >          return PAM_USER_UNKNOWN;
> > >      }
> > > 
> > > I don't think there should be any difference between these two bits of
> > > code (and I've not yet tested it) but I don't understand why this is
> > > failing...
> > 
> > It depends on initialisation etc - if that call fails, it wont touch the 
> > sampass and the 'init' ensures it's not NULL.
> > 
> > > password requisite      pam_cracklib.so retry=3 minlen=6 difok=3 debug
> > > password [user_unknown=ignore success=ok new_authtok_reqd=ok
> > > ignore=ignore default=bad] pam_ldap.so use_first_pass
> > > password required       pam_unix.so use_first_pass nullok md5 debug
> > > password [user_unknown=ignore success=ok new_authtok_reqd=ok
> > > ignore=ignore default=bad] pam_smbpass.so use_first_pass audit
> > 
> > This looks this a useful config...
> > 
> > Andrew Bartlett
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > 
> > 
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 
>

More information about the samba mailing list