summaryrefslogtreecommitdiff
path: root/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2003-06-01 01:11:52 +0000
committerJohn Terpstra <jht@samba.org>2003-06-01 01:11:52 +0000
commit87767df909e2c9970c230ab5a9eb0fd045afd32b (patch)
treedb4e42340b455f5d2488fe3babfe3686ab32f79d /docs/docbook/projdoc/PAM-Authentication-And-Samba.xml
parentfce14ea7cc16c6a456bf90ffbb0f9950acbc09a2 (diff)
downloadsamba-87767df909e2c9970c230ab5a9eb0fd045afd32b.tar.gz
samba-87767df909e2c9970c230ab5a9eb0fd045afd32b.tar.bz2
samba-87767df909e2c9970c230ab5a9eb0fd045afd32b.zip
More edits.
(This used to be commit 57b0e6b680eab9d580a835439ee1535033fbc81c)
Diffstat (limited to 'docs/docbook/projdoc/PAM-Authentication-And-Samba.xml')
-rw-r--r--docs/docbook/projdoc/PAM-Authentication-And-Samba.xml30
1 files changed, 21 insertions, 9 deletions
diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml
index e61e65ed01..fd3c369580 100644
--- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml
+++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml
@@ -7,7 +7,7 @@
<address><email>vorlon@netexpress.net</email></address>
</affiliation>
</author>
- <pubdate> (Jun 21 2001) </pubdate>
+ <pubdate>May 31, 2003</pubdate>
</chapterinfo>
<title>PAM based Distributed Authentication</title>
@@ -25,6 +25,10 @@ In addition to knowing how to configure winbind into PAM, you will learn generic
possibilities and in particular how to deploy tools like pam_smbpass.so to your adavantage.
</para>
+<note><para>
+The use of Winbind require more than PAM configuration alone. Please refer to: <link linkend="winbind"></link>
+</para></note>
+
<sect1>
<title>Features and Benefits</title>
@@ -178,7 +182,9 @@ auth required /other_path/pam_strange_module.so
<para>
The remaining information in this subsection was taken from the documentation of the Linux-PAM
-project.
+project. For more information on PAM, see
+<ulink url="http://ftp.kernel.org/pub/linux/libs/pam/">
+http://ftp.kernel.org/pub/linux/libs/pam</ulink> The Official Linux-PAM home page.
</para>
<para>
@@ -460,6 +466,9 @@ of the login process. Essentially all conditions can be disabled
by commenting them out except the calls to <filename>pam_pwdb.so</filename>.
</para>
+<sect3>
+<title>PAM: original login config</title>
+
<para><screen>
#%PAM-1.0
# The PAM configuration file for the `login' service
@@ -477,6 +486,11 @@ session required pam_pwdb.so
password required pam_pwdb.so shadow md5
</screen></para>
+</sect3>
+
+<sect3>
+<title>PAM: login using pam_smbpass</title>
+
<para>
PAM allows use of replacable modules. Those available on a sample system include:
</para>
@@ -574,10 +588,12 @@ life though, every decision makes trade-offs, so you may want examine the
PAM documentation for further helpful information.
</para></note>
+</sect3>
+
</sect2>
<sect2>
-<title>PAM Configuration in smb.conf</title>
+<title>smb.conf PAM Configuration</title>
<para>
There is an option in smb.conf called <ulink
@@ -586,7 +602,7 @@ The following is from the on-line help for this option in SWAT;
</para>
<para>
-When Samba is configured to enable PAM support (i.e.
+When Samba-3 is configured to enable PAM support (i.e.
<option>--with-pam</option>), this parameter will
control whether or not Samba should obey PAM's account
and session management directives. The default behavior
@@ -604,7 +620,7 @@ password encryption.
</sect2>
<sect2>
-<title>Authentication off a remote CIFS Server using winbindd.so</title>
+<title>Remote CIFS Authentication using winbindd.so</title>
<para>
All operating systems depend on the provision of users credentials accecptable to the platform.
@@ -656,10 +672,6 @@ generic interface to authentication mechanisms.
</para>
<para>
- For more information on PAM, see <ulink url="http://ftp.kernel.org/pub/linux/libs/pam/">The linux PAM homepage</ulink>.
-</para>
-
-<para>
This module authenticates a local smbpasswd user database. If you require
support for authenticating against a remote SMB server, or if you're
concerned about the presence of suid root binaries on your system, it is