[Samba] passwd: Authentication token manipulation error
John H Terpstra
jht at samba.org
Mon Feb 3 19:44:56 GMT 2003
On Mon, 3 Feb 2003, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, 2 Feb 2003, John H Terpstra wrote:
>
> > On Sun, 2 Feb 2003, Thorsten D. Marsen wrote:
> >
> > > Hi John,
> > >
> > > > The smbpasswd utilitiy only changes the password in /etc/samba/smbpasswd.
> > > > It does NOT use PAM at all.
> > > >
> > > > The system tool 'passwd' (/bin/passwd or /usr/bin/passwd) will use PAM.
> > > > Whatever you configure PAM to do it will follow.
> > > >
> > > > Firstly, pam_smbpass.so does NOT do unix system password changing! It can
> > > > be added to your PAM configuration to update the /etc/samba/smbpasswd
> > > > file.
> > >
> > > In the case LDAP is configured, smbpasswd will change the lm/ntPassword
> > > Fields in the Samba Schemata instead of /etc/samba/smbpasswd. Do you know if
> > > pam_smbpass.so also regognizes this configuration?
> >
> > No. pam_smbpass.so is a PAM module that directly acts on the
> > /etc/samba/smbpasswd file.
>
> No John. Thorsten is right. If compiled with --with-ldapsam,
> pam_smbpass.so will change the lm/nt password atribute in an LDAP
> directory. The reason is that pam_smbpass uses the pdb interface for
> updating account information.
Gerry,
Thanks for clearing that up. I should have checked the code more
carefully.
- John T.
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list