[Samba] poppassd and pam_winbind.so
Mat Allgood
mallgood at gmail.com
Fri Jul 23 06:18:51 GMT 2004
I thought that I would post this and see what others think.
I wanted a way to authenticate mail users with pass through auth to a
win2k box, so I don't have to add accounts on our mail server, just
the 2k box. But the problem is a way for them to change their password
off-site.
So I've been trying to get poppassd (1.8.4 - current) to work with the
pam_winbind.so module with very limited success the last couple of
days. So I started digging into the actual source of the winbind
module and the source for the poppassd daemon. I thought it might be
the way the PAM module was dealing with AUTHTOK and OLDAUTHTOK, but I
think I finally nailed it down. It seems that the poppassd's PAM
conversation function is somewhat lacking. I've compared it to the
way the standard linux 'passwd' utility does it and it's completely
borked. (It's doing the auth part and not letting the conversation
script do it)
I wanted to run this by the group here (as there are lots of smart
people here) and see if others agreed. If so (and I'm not just going
nuts here) then I am thinking about rewriting the conversation
function. This would allow people to do Windows Domain password
changes via poppassd! (This would answer this question about password
changing that has been asked a dozen or so times here).
Any thoughts are much appreciated!
Mat Allgood
More information about the samba
mailing list