[Samba] PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate SSH

Buchan Milne bgmilne at cae.co.za
Wed May 22 04:43:41 GMT 2002 

> Message: 15
> From: mjd at alphalink.com.au
> Reply-To: mjd at alphalink.com.au
> To: samba at lists.samba.org
> Date: Wed, 22 May 2002 14:14:10 +1000
> Subject: [Samba] PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate SSH
> 
> Hello,
> 
> I'm currently running winbind (from Samba 2.2.3a) so that our
> Windows users can ssh into our Linux box.  I've set up Samba,
> PAM and winbind, and it's working well.  Users can see their
> files, and they can log in using their windows usernames.  No
> problem.
> 
> When users access their Samba share, they don't need
> to reauthenticate, because they've already done so with
> the PDC via their Windows box.
> 
> Is there a way to set up PAM so that authenticated Windows
> users who ssh into the Linux box don't need to type a
> password?  (This will make using CVS much easier)
> 

If you get them to generate ssh-keys, and put the public key in 
~/.ssh/authorized_keys on the server, then they won't need passwords. 
You will either:

1)Have to get ssh-agent working on windows (I haven't managed, but 
Putty's pageant does work, but that's not what you want for cvs)

2)Create keys without passphrases.

Just check the perms on ~/.ssh, ssh is quite sticky (for good reason). 
Must be 700 on ~/.ssh, and 600 on ~/.ssh/* except for ~/.ssh/*public*

Since we have Z: mapped as the home directory on our samba server, we 
set the HOME env variable on windows to Z:, which ensures that cygwin 
ssh uses the same .ssh as linux :-).

> I have looked at winbind, pam_smb_pass, pam_smb_auth and
> pam_ntdom but can't seem to find any clearcut answer to
> this question.

Has anyone thought of writing  a pam_ntlm (or something) module that 
would do the same? Or should pam_winbind handle this?

Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list