[Samba] "obey pam restrictions" and encrypted passwords
Alceu Rodrigues de Freitas Jr.
glasswalk3r at yahoo.com.br
Sat Nov 9 17:05:02 GMT 2002
Hello everybody,
I´ve tested configuring the file /etc/pam.d/samba to
use pam_limits.so (in "session" statement) and setup
in /etc/samba/smb.conf the directive "obey pam
restrictions" as YES.
Then I´ve setup the file /etc/security/limits.conf
with:
* - maxlogins 2
It works fine with I tried to connect to a sharing
more than twice using smbclient (from a Linux box).
The matter is, if I try from a Windows98SE station, I
can login without any problem: the restriction is not
applied.
Seems to be that the problem to deal with encrypted
password still works, or something else is wrong? I
did not tested with account statement in
/etc/pam.d/samba, but the results should be the same
with both account and session, or not?
Thanks again,
Alceu
--- Andrew Bartlett <abartlet at samba.org> escreveu: >
On Wed, 2002-11-06 at 07:52, Alceu Rodrigues de
> Freitas Jr. wrote:
> > Hello everybody,
> >
> > I´m using Red Hat 7.3 with Samba setup as a PDC,
> and
> > I´m having a doubt.
> >
> > I am studying the directive "obey pam
> restrictions"
> > because I would like to limit the number of logins
> > with the same id. The documentation provided by
> SWAT
> > tells me that encrypted passwords (like used by
> > Windows98SE) will NOT follow these restrictions.
> >
> > Anybody could tell me if this information is
> really
> > valid? If yes, there is any other way for me to
> setup
> > Samba PDC server to do not allow more than one
> login
> > with the same ID?
>
> Encrypted passwords will not obey any restrictions
> that are set for the
> 'auth' part of PAM. I just can't work. (What would
> you send as the
> password?)
>
> However, it can obey restrictions set under account
> or session, and that
> is what this option enables.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team
> abartlet at samba.org
> Student Network Administrator, Hawker College
> abartlet at hawkerc.net
> http://samba.org http://build.samba.org
> http://hawkerc.net
>
> ATTACHMENT part 2 application/pgp-signature
name=signature.asc
=====
Alceu Rodrigues de Freitas Junior
--------------------------------------
glasswalk3r at yahoo.com.br
http://www.imortais.cjb.net
--
Hell is empty and all the devils are here.
-- Wm. Shakespeare, "The Tempest"
_______________________________________________________________________
Yahoo! GeoCities
Tudo para criar o seu site: ferramentas fáceis de usar, espaço de sobra e acessórios.
http://br.geocities.yahoo.com/
More information about the samba
mailing list