[Samba] pam_smbpass.so in /etc/pam.d/samba ?
Bradley W. Langhorst
brad at langhorst.com
Fri Jul 26 08:54:01 GMT 2002
I'm getting up to speed on the pam stuff...
I've got an ldap backend for both samba and the unix pwdb
(via nss_ldap and pam_ldap)
I want to keep NT and linux passwords in sync so I've modified my pam
scripts to require pam_smbpass.so as well as pam_unix.so.
eg from /etc/pam.d/passwd
password requisite pam_cracklib.so retry=3 minlen=6 difok=3
password required pam_ldap.so use_authtok
password required pam_unix.so use_authtok nullok md5
password required pam_smbpass.so nullok use_authtok
but now i'm considering /etc/pam.d/samba
it is currently
auth sufficient pam_ldap.so
auth required pam_unix.so nullok
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
password sufficient pam_ldap.so
password required pam_unix.so use_first_pass
do i need to add a
password required pam_smbpass.so nullok use_authtok
line?
or will that do this
1) change lmPassword and ntPassword
2) trigger pam.d unix sync b/c of pam password change = Yes
2a) change unix_pw
2b) change lmPassword and ntPassword
also can a put in a cracklib line in there (and have it do what i want)?
thanks!
brad
PS Jerry: the pam_smbpass LDAP makefile patch seems to work fine.
More information about the samba
mailing list