mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
2203bed32c
to make full use of the new talloc() interface. Discussed with Volker
and Jeremy.
* remove the internal mem_ctx and simply use the talloc()
structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
upcoming changes. Groups will most likely be replaced with a
'struct samg' in the future.
Note that there are now passbd API changes. And for the most
part, the wrapper functions remain the same.
While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs. The code also needs more testing under valgrind to
ensure it's not leaking memory.
But it's a start......
(This used to be commit
|
||
|---|---|---|
| .. | ||
| samples | ||
| CHANGELOG | ||
| general.h | ||
| INSTALL | ||
| pam_smb_acct.c | ||
| pam_smb_auth.c | ||
| pam_smb_passwd.c | ||
| README | ||
| support.c | ||
| support.h | ||
| TODO | ||
25 Mar 2001 pam_smbpass is a PAM module which can be used on conforming systems to keep the smbpasswd (Samba password) database in sync with the unix password file. PAM (Pluggable Authentication Modules) is an API supported under some Unices, such as Solaris, HPUX and Linux, that provides a generic interface to authentication mechanisms. For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/ This module authenticates a local smbpasswd user database. If you require support for authenticating against a remote SMB server, or if you're concerned about the presence of suid root binaries on your system, it is recommended that you use pam_winbind instead. Options recognized by this module are as follows: debug - log more debugging info audit - like debug, but also logs unknown usernames use_first_pass - don't prompt the user for passwords; take them from PAM_ items instead try_first_pass - try to get the password from a previous PAM module, fall back to prompting the user use_authtok - like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set. (intended for stacking password modules only) not_set_pass - don't make passwords used by this module available to other modules. nodelay - don't insert ~1 second delays on authentication failure. nullok - null passwords are allowed. nonull - null passwords are not allowed. Used to override the Samba configuration. migrate - only meaningful in an "auth" context; used to update smbpasswd file with a password used for successful authentication. smbconf=<file> - specify an alternate path to the smb.conf file. See the samples/ directory for example PAM configurations using this module. Thanks go to the following people: * Andrew Morgan <morgan@transmeta.com>, for providing the Linux-PAM framework, without which none of this would have happened * Christian Gafton <gafton@redhat.com> and Andrew Morgan again, for the pam_pwdb module upon which pam_smbpass was originally based * Luke Leighton <lkcl@switchboard.net> for being receptive to the idea, and for the occasional good-natured complaint about the project's status that keep me working on it :) * and of course, all the other members of the Samba team <http://www.samba.org/samba/team.html>, for creating a great product and for giving this project a purpose --------------------- Stephen Langasek <vorlon@netexpress.net>