1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
samba-mirror/source3/pam_smbpass
Andrew Tridgell 87fbb7092b The big character set handling changeover!
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
2001-07-04 07:15:53 +00:00
..
samples Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00
CHANGELOG Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00
general.h Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00
pam_smb_acct.c The big character set handling changeover! 2001-07-04 07:15:53 +00:00
pam_smb_auth.c The big character set handling changeover! 2001-07-04 07:15:53 +00:00
pam_smb_passwd.c The big character set handling changeover! 2001-07-04 07:15:53 +00:00
README Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00
support.c Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00
support.h Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00
TODO Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code. 2001-04-24 20:00:12 +00:00

25 Mar 2001

pam_smbpass is a PAM module which can be used on conforming systems to
keep the smbpasswd (Samba password) database in sync with the unix
password file. PAM (Pluggable Authentication Modules) is an API supported
under some Unices, such as Solaris, HPUX and Linux, that provides a
generic interface to authentication mechanisms.

For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/

This module authenticates a local smbpasswd user database.  If you require
support for authenticating against a remote SMB server, or if you're
concerned about the presence of suid root binaries on your system, it is
recommended that you use one of the other two following modules

  pam_smb - http://www.csn.ul.ie/~airlied/pam_smb/
    authenticates against any remote SMB server

  pam_ntdom - ftp://ftp.samba.org/pub/samba/pam_ntdom/
    authenticates against an NT or Samba domain controller

Options recognized by this module are as follows:

	debug		-	log more debugging info
	audit		-	like debug, but also logs unknown usernames
	use_first_pass	-	don't prompt the user for passwords;
				take them from PAM_ items instead
	try_first_pass  -	try to get the password from a previous
				PAM module, fall back to prompting the user
	use_authtok	-	like try_first_pass, but *fail* if the new
				PAM_AUTHTOK has not been previously set.
				(intended for stacking password modules only)
	not_set_pass    -	don't make passwords used by this module
				available to other modules.
	nodelay		-	don't insert ~1 second delays on authentication
				failure.
	nullok		-	null passwords are allowed.
	nonull		-	null passwords are not allowed. Used to
				override the Samba configuration.
	migrate		-	only meaningful in an "auth" context;
				used to update smbpasswd file with a
				password used for successful authentication.
	smbconf=<file>	-	specify an alternate path to the smb.conf
				file.

See the samples/ directory for example PAM configurations using this
module.

Thanks go to the following people:

* Andrew Morgan <morgan@transmeta.com>, for providing the Linux-PAM
framework, without which none of this would have happened

* Christian Gafton <gafton@redhat.com> and Andrew Morgan again, for the
pam_pwdb module upon which pam_smbpass was originally based

* Luke Leighton <lkcl@switchboard.net> for being receptive to the idea,
and for the occasional good-natured complaint about the project's status
that keep me working on it :)

* and of course, all the other members of the Samba team 
<samba-bugs@samba.org>, for creating a great product and for giving this
project a purpose

---------------------
Stephen Langasek <vorlon@netexpress.net>