Encrypted and plain passwords with one server
Michael Ju. Tokarev
mjt at tls.msk.ru
Sun Sep 24 09:11:47 GMT 2000
David Collier-Brown wrote:
[]
> I'd propose an option like "invalidate if encrypted" to
> set the unix password field to (literally!)
> "INVALIDATED_BY_SMB" or the like.
And thus totally breaking shell access (unless one uses some
sort of pam_smb[passwd] mechanism that is not good IMHO).
I think that this option just inappropriate here.
BTW, _all_ this stuff (update_encrypted, smbpasswd file as a whole,
ldap support etc) completely belongs to pam. At least, if samba
will not support pam (what samba has now is not really a "support"
for pam) it should have it's own interface/api to dynamically load
some "samba-pam" modules. Moreover, newer utmp stuff also belongs
to that.
Regards,
Michael.
More information about the samba-technical
mailing list