Samba/HP-UX question.

Andrew Bartlett abartlet at pcug.org.au
Thu Jan 17 04:20:03 GMT 2002


"Ladner, Eric (Eric.Ladner)" wrote:
> 
> Couple of questinos.. I've poked around the web a bit and the Samba
> documentation and haven't really found a good answer.
> 
> Given an HP-UX 11.0 system and the latest 2.X Samba distro, here's what I'm
> trying to do:
> 
> Use Samba (possibly with winbind?) functionality to allow authentication via
> a NT PDC.
> 
> The problem I'm having visualizing is how that authentication happens.  At
> the system level, all of these things go through getpwent (or the
> secure/shadow version of that call).  How exaclty can that call be hijacked
> by Samba and redirected to an NT domain for authentication?

Winbind simply disables all passwords in this case.  

> The basic problem is that we have an application (call it X) that requires a
> LOT of users and concequently a LOT of password changes, corporate IT
> password standards that the application dosn't support, etc.. It's messy.
> 
> What we'd like to see is that the username/password that the user types in
> to the application interface is authenticated via a PDC rather than the
> /etc/passwd file.
> 
> This application does NOT use PAM.  This I think has been my roadblock up to
> now.

And so it shal remain.  If you have the sources for the app you could
use the winbind interface directly, without going via PAM.

> Does the getpwent code have flexibility?  I.e. can something be put in
> resolv.conf to allow for alternate resolution for passwords?  Did I miss a
> document somewhere?

What you propose (somehow putting a crypt-compatible password in a
getent return isn't possible.  

> Sorry for the rambling email, but I'm not sure where to start at the moment.

BTW, does winbind support HP-UX yet?

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba mailing list