No subject
Thu Jun 10 02:36:45 MDT 2010
25 Mar 2001
pam_smbpass is a PAM module which can be used on conforming systems to
keep the smbpasswd (Samba password) database in sync with the unix
password file. PAM (Pluggable Authentication Modules) is an API supported
under some Unices, such as Solaris, HPUX and Linux, that provides a
generic interface to authentication mechanisms.
For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/
This module authenticates a local smbpasswd user database. If you require
support for authenticating against a remote SMB server, or if you're
concerned about the presence of suid root binaries on your system, it is
recommended that you use pam_winbind instead.
Options recognized by this module are as follows:
debug - log more debugging info
audit - like debug, but also logs unknown usernames
use_first_pass - don't prompt the user for passwords;
take them from PAM_ items instead
try_first_pass - try to get the password from a previous
PAM module, fall back to prompting the user
use_authtok - like try_first_pass, but *fail* if the new
PAM_AUTHTOK has not been previously set.
(intended for stacking password modules
only)
not_set_pass - don't make passwords used by this module
available to other modules.
nodelay - don't insert ~1 second delays on
authentication
failure.
nullok - null passwords are allowed.
nonull - null passwords are not allowed. Used to
override the Samba configuration.
migrate - only meaningful in an "auth" context;
used to update smbpasswd file with a
password used for successful authentication.
smbconf=<file> - specify an alternate path to the smb.conf
file.
Here is a sample PAM config line in the appropriate file/s in /etc/pam.d:
password required pam_smbpass.so use_authtok use_first_pass debug
I hope that helps.
- John T.
More information about the samba
mailing list