[Samba] using winbind in pam.d/system-auth, double prompts fo r password

Manuel Gomez ERG at e-r-solutions.com
Wed May 22 12:22:02 GMT 2002


Try using the "use_first_pass" directive in your pam.conf file (or the
relevant file in /etc/pam.d/ - on my system it's /etc/pam.d/login).  You'll
no doubt find more information in the relevant (PAM) man pages.

My /etc/pam.d/login line for winbind looks like this:
auth		required	pam_unix.so		use_first_pass

Manuel Gomez 

-----Original Message-----
From: Gregg Lebovitz [mailto:gregg at suma.com] 
Sent: Wednesday, May 22, 2002 10:38 AM
To: samba at lists.samba.org
Subject: [Samba] using winbind in pam.d/system-auth, double prompts for

I am using samba-2.2.3a and samb-2.2.4 in my windows-2000 environment and
have the my linux systems configured to use winbind in addition to standard
unix for authentication. 

The problem I am seeing is that linux services and programs that prompt for
a password will prompt first for unix authentication and then a second time
for winbind authentication. 

Is there anyway to using winbind and unix authentication without requiring
two separate password prompts? 

My system-auth file contains: 

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_winbind.so
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_winbind.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


More information about the samba mailing list