PAM w/ OPIE
Andrew Bartlett
abartlet at pcug.org.au
Thu Jan 17 19:22:05 GMT 2002
Robert Flemming wrote:
>
> It seems I may be the first to try, but has anyone had any experience in
> setting up Samba as a PDC then using the OPIE modules for PAM to try and setup
> an NT domain that requires one time passwords?
Will Not Work.
Samba's PDC operation *requires* encrypted passwords, and therefore will
not contact PAM during a domain logon. Feel free however to contribute
an encrypted varient of OPIE for the auth subsystem.
If you are acting as just a file-server it could work, but remember that
many windows clients UPPER CASE the password prior to send, which just
makes life miserable.
Once you get the passsword to PAM however (and samba 'cracks' the
password back into the correct case) it should work. Could you try this
out with Samba HEAD - if there is an issue there I would like to look at
it.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list