| 1 | 25 Mar 2001
|
|---|
| 2 |
|
|---|
| 3 | pam_smbpass is a PAM module which can be used on conforming systems to
|
|---|
| 4 | keep the smbpasswd (Samba password) database in sync with the unix
|
|---|
| 5 | password file. PAM (Pluggable Authentication Modules) is an API supported
|
|---|
| 6 | under some Unices, such as Solaris, HPUX and Linux, that provides a
|
|---|
| 7 | generic interface to authentication mechanisms.
|
|---|
| 8 |
|
|---|
| 9 | For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/
|
|---|
| 10 |
|
|---|
| 11 | This module authenticates a local smbpasswd user database. If you require
|
|---|
| 12 | support for authenticating against a remote SMB server, or if you're
|
|---|
| 13 | concerned about the presence of suid root binaries on your system, it is
|
|---|
| 14 | recommended that you use pam_winbind instead.
|
|---|
| 15 |
|
|---|
| 16 | Options recognized by this module are as follows:
|
|---|
| 17 |
|
|---|
| 18 | debug - log more debugging info
|
|---|
| 19 | audit - like debug, but also logs unknown usernames
|
|---|
| 20 | use_first_pass - don't prompt the user for passwords;
|
|---|
| 21 | take them from PAM_ items instead
|
|---|
| 22 | try_first_pass - try to get the password from a previous
|
|---|
| 23 | PAM module, fall back to prompting the user
|
|---|
| 24 | use_authtok - like try_first_pass, but *fail* if the new
|
|---|
| 25 | PAM_AUTHTOK has not been previously set.
|
|---|
| 26 | (intended for stacking password modules only)
|
|---|
| 27 | not_set_pass - don't make passwords used by this module
|
|---|
| 28 | available to other modules.
|
|---|
| 29 | nodelay - don't insert ~1 second delays on authentication
|
|---|
| 30 | failure.
|
|---|
| 31 | nullok - null passwords are allowed.
|
|---|
| 32 | nonull - null passwords are not allowed. Used to
|
|---|
| 33 | override the Samba configuration.
|
|---|
| 34 | migrate - only meaningful in an "auth" context;
|
|---|
| 35 | used to update smbpasswd file with a
|
|---|
| 36 | password used for successful authentication.
|
|---|
| 37 | smbconf=<file> - specify an alternate path to the smb.conf
|
|---|
| 38 | file.
|
|---|
| 39 |
|
|---|
| 40 | See the samples/ directory for example PAM configurations using this
|
|---|
| 41 | module.
|
|---|
| 42 |
|
|---|
| 43 | Thanks go to the following people:
|
|---|
| 44 |
|
|---|
| 45 | * Andrew Morgan <morgan@transmeta.com>, for providing the Linux-PAM
|
|---|
| 46 | framework, without which none of this would have happened
|
|---|
| 47 |
|
|---|
| 48 | * Christian Gafton <gafton@redhat.com> and Andrew Morgan again, for the
|
|---|
| 49 | pam_pwdb module upon which pam_smbpass was originally based
|
|---|
| 50 |
|
|---|
| 51 | * Luke Leighton <lkcl@switchboard.net> for being receptive to the idea,
|
|---|
| 52 | and for the occasional good-natured complaint about the project's status
|
|---|
| 53 | that keep me working on it :)
|
|---|
| 54 |
|
|---|
| 55 | * and of course, all the other members of the Samba team
|
|---|
| 56 | <http://www.samba.org/samba/team.html>, for creating a great product
|
|---|
| 57 | and for giving this project a purpose
|
|---|
| 58 |
|
|---|
| 59 | ---------------------
|
|---|
| 60 | Stephen Langasek <vorlon@netexpress.net>
|
|---|
