[Samba] pam_smbpass.so in /etc/pam.d/samba ?

Bradley W. Langhorst brad at langhorst.com
Fri Jul 26 08:54:01 GMT 2002

I'm getting up to speed on the pam stuff... 

I've got an ldap backend for both samba and the unix pwdb 
(via nss_ldap and pam_ldap) 

I want to keep NT and linux passwords in sync so I've modified my pam 
scripts to require pam_smbpass.so as well as pam_unix.so. 
eg from /etc/pam.d/passwd 

password requisite      pam_cracklib.so retry=3 minlen=6 difok=3 
password required       pam_ldap.so use_authtok 
password required       pam_unix.so use_authtok nullok md5 
password required       pam_smbpass.so nullok use_authtok 

but now i'm considering /etc/pam.d/samba 

it is currently 
auth            sufficient      pam_ldap.so 
auth            required        pam_unix.so nullok 
account         sufficient      pam_ldap.so 
account         required        pam_unix.so 
session         sufficient      pam_ldap.so 
session         required        pam_unix.so 

password        sufficient      pam_ldap.so 
password        required        pam_unix.so use_first_pass 

do i need to add a 
password required       pam_smbpass.so nullok use_authtok 
or will that do this 
1) change lmPassword and ntPassword 
2) trigger pam.d unix sync b/c of pam password change = Yes 
2a) change unix_pw 
2b) change lmPassword and ntPassword 

also can a put in a cracklib line in there (and have it do what i want)?



PS Jerry: the pam_smbpass LDAP makefile patch seems to work fine. 

More information about the samba mailing list