[Samba] 'multi-layered' authentication
Andrew Bartlett
abartlet at samba.org
Thu Jan 22 00:03:38 GMT 2004
On Thu, 2004-01-22 at 10:34, webster at lexmark.com wrote:
> Much thanks for the reply.
>
>
> Now, please tell me that this paragraph, from the description for
> 'obey pam restrictions' in smb.conf(5), is old (& false in Samba 3):
>
> "Note that Samba always ignores PAM for authentication in the case of
> encrypt passwords = yes. The reason is that PAM modules cannot
> support the challenge/response authentication mechanism needed
> in the presence of SMB password encryption."
This paragraph is correct (if slightly badly worded). We honour account
and session modules, but not auth modules.
'pam password change' causes us to honer password modules, btw.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040122/4bbad10b/attachment.bin
More information about the samba
mailing list