[Samba] Smart card logon

Pau Garcia i Quiles pgquiles at elpauer.org
Tue Jan 29 19:23:42 GMT 2008


Quoting Asier Baranguán <abaranguan at elpagestion.com>:

> Hi all
>
> Is possible to perform a logon from a XP workstation to a Samba3+LDAP
> managed domain with a smartcard? I've readed somewhere that this is not
> possible with Samba3, but /could/ be possible with the Samba4 package.
>
> Thanks

Although I have never tried it, it should be possible by configuring  
Samba for PAM authentication  
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html)  
and using an appropriate PAM module, such as  
http://www.opensc-project.org/pam_p11/

Even if PAM P11 is not ready for Samba use, it shouldn't be too  
difficult (and take this with a grain of salt, given that PAM is  
mystic per se :-) to produce a new PAM-Samba-Smartcard by "merging"  
PAM P11 and one of the PAM modules included in Samba currently (PAM  
password, PAM Winbind, etc).

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)



More information about the samba mailing list