[Samba] "obey pam restrictions" and encrypted passwords

Alceu Rodrigues de Freitas Jr. glasswalk3r at yahoo.com.br
Sat Nov 9 17:05:02 GMT 2002 

Hello everybody,

I´ve tested configuring the file /etc/pam.d/samba to
use pam_limits.so (in "session" statement) and setup
in /etc/samba/smb.conf the directive "obey pam
restrictions" as YES.

Then I´ve setup the file /etc/security/limits.conf
with:
* - maxlogins 2

It works fine with I tried to connect to a sharing
more than twice using smbclient (from a Linux box).
The matter is, if I try from a Windows98SE station, I
can login without any problem: the restriction is not
applied.

Seems to be that the problem to deal with encrypted
password still works, or something else is wrong? I
did not tested with account statement in
/etc/pam.d/samba, but the results should be the same
with both account and session, or not?

Thanks again,
Alceu

 --- Andrew Bartlett <abartlet at samba.org> escreveu: >
On Wed, 2002-11-06 at 07:52, Alceu Rodrigues de
> Freitas Jr. wrote:
> > Hello everybody,
> > 
> > I´m using Red Hat 7.3 with Samba setup as a PDC,
> and
> > I´m having a doubt.
> > 
> > I am studying the directive "obey pam
> restrictions"
> > because I would like to limit the number of logins
> > with the same id. The documentation provided by
> SWAT
> > tells me that encrypted passwords (like used by
> > Windows98SE) will NOT follow these restrictions.
> > 
> > Anybody could tell me if this information is
> really
> > valid? If yes, there is any other way for me to
> setup
> > Samba PDC server to do not allow more than one
> login
> > with the same ID?
> 
> Encrypted passwords will not obey any restrictions
> that are set for the
> 'auth' part of PAM.  I just can't work. (What would
> you send as the
> password?)
> 
> However, it can obey restrictions set under account
> or session, and that
> is what this option enables.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                
> abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team 
> abartlet at samba.org
> Student Network Administrator, Hawker College  
> abartlet at hawkerc.net
> http://samba.org     http://build.samba.org    
> http://hawkerc.net
> 

> ATTACHMENT part 2 application/pgp-signature
name=signature.asc
 


=====
Alceu Rodrigues de Freitas Junior
--------------------------------------
glasswalk3r at yahoo.com.br
http://www.imortais.cjb.net
--
Hell is empty and all the devils are here.
		-- Wm. Shakespeare, "The Tempest"

_______________________________________________________________________
Yahoo! GeoCities
Tudo para criar o seu site: ferramentas fáceis de usar, espaço de sobra e acessórios.
http://br.geocities.yahoo.com/

More information about the samba mailing list