external authentication

[Andrew Bartlett]

> Marbacher Christophe wrote:
> 
> Hi,
> 
> Is there any way to authenticate users using something else than
> static passwords stored in smbpasswd or ldap? For example tokens
> (ActivCard, SecurID, ...)? Is there a way to tell samba to launch a
> program with parameters, and depending on the result, accept or deny
> login?
> 
> If anybody has an idea, it would be nice to contact me.

This is quite a possible extension to the authenticaion subsystem in
HEAD.  

It would depend on both the client and the server 'knowing' the same
password (for encrypted passwords) or somthing similar for a plaintext
(PAM based) approach.  The latter I presume would be secure with tokens,
but exposes issues with convincing clients to use them.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net