Building a custom auth back-end.
Christopher R. Hertel
crh at ubiqx.mn.org
Thu Jan 9 21:44:00 GMT 2003
Abartlet, et. al.,
I've been asked to check on something. I haven't been working with this
aspect of the authentication code in Samba so I need a little guidance.
Question: How hard is it, if we're *not* using PAM, to build a custom
authentication back-end for Samba?
The reason that we (the University, where I work) are not using PAM is
that there are a lot of servers out there on all sorts of platforms.
Some use PAM, some don't. A general solution would need to work without.
The authentication database is a big central system. It can do RADIUS and
LDAP and a few other schemes, but RADIUS is preferred. It already stores
NTLMv1 hashes.
To give you an idea of scale (and why this is an interesting project), the
central database has on the order of 130,000 user entries. We're a big
shop, in some ways, a lot of little shops in others.
Anyway, the goal is to let Windows users connect to Samba servers,
authenticating against the central database. I think it should be easy to
do, if we have the hooks to do it. I think I remember someone saying we
have such hooks. As you know, my head has been burried in my book so I'm
a little lost with regard to such things.
Chris -)-----
--
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical
mailing list