PAM w/ OPIE
Robert Flemming
flemming at spiralout.net
Thu Jan 17 14:45:03 GMT 2002
On Thu, Jan 17, 2002 at 05:30:03PM -0500, MCCALL,DON (HP-USA,ex1) wrote:
> Samba doesn't use the pam modules for unencrypted password authentication
> UNLESS you configure/make samba with the option --with-pam. Otherwise, it
> just gets the password entry via getpwnam/getpwent and uses crypt/bigcrypt
> to one way encrypt the plaintext password it is passed and compare it with
> what comes back from getpwent/getpwnam...
> So the minimum you'd need to get this working is to remove the config.cache,
> and rerun configure --with-pam and do another make to get new binaries.
> There may be other subtlies I am not aware of as well...
> Hope this helps,
skippy:~# ldd /usr/sbin/nmbd|grep pam
libpam.so.0 => /lib/libpam.so.0 (0x4004b000)
skippy:~# ldd /usr/sbin/smbd|grep pam
libpam.so.0 => /lib/libpam.so.0 (0x4004b000)
And like I said it IS passing things off to PAM and the OPIE portion of things
is saying that authentication succeeded. The reason I know this is true is
because the opiekeys file shows the sequence number has decreased by one
which would not happen if authentication failed. PAM looks like it's doing
it's thing just fine and Samba is indeed handing things off to PAM, it just
appears to be whatever it's doing after that is broke :)
Robert
More information about the samba
mailing list