diff options
author | John Terpstra <jht@samba.org> | 2001-04-24 20:00:12 +0000 |
---|---|---|
committer | John Terpstra <jht@samba.org> | 2001-04-24 20:00:12 +0000 |
commit | 2321514e9300ac85a1976318bae18a6b177f25c9 (patch) | |
tree | fe7bbb36aaba15deb9f13f3324c696cc06fd8a2d /source3/pam_smbpass/README | |
parent | 61da9a7e939df69e3feb7d4854b42f72c132a21f (diff) | |
download | samba-2321514e9300ac85a1976318bae18a6b177f25c9.tar.gz samba-2321514e9300ac85a1976318bae18a6b177f25c9.tar.bz2 samba-2321514e9300ac85a1976318bae18a6b177f25c9.zip |
Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code.
Note: Still have to add build stuff - not ready yet.
(This used to be commit 1de7022f98b64b15503aaf48c8d729789fc49781)
Diffstat (limited to 'source3/pam_smbpass/README')
-rw-r--r-- | source3/pam_smbpass/README | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/source3/pam_smbpass/README b/source3/pam_smbpass/README new file mode 100644 index 0000000000..6f50ce4d2c --- /dev/null +++ b/source3/pam_smbpass/README @@ -0,0 +1,66 @@ +25 Mar 2001 + +pam_smbpass is a PAM module which can be used on conforming systems to +keep the smbpasswd (Samba password) database in sync with the unix +password file. PAM (Pluggable Authentication Modules) is an API supported +under some Unices, such as Solaris, HPUX and Linux, that provides a +generic interface to authentication mechanisms. + +For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/ + +This module authenticates a local smbpasswd user database. If you require +support for authenticating against a remote SMB server, or if you're +concerned about the presence of suid root binaries on your system, it is +recommended that you use one of the other two following modules + + pam_smb - http://www.csn.ul.ie/~airlied/pam_smb/ + authenticates against any remote SMB server + + pam_ntdom - ftp://ftp.samba.org/pub/samba/pam_ntdom/ + authenticates against an NT or Samba domain controller + +Options recognized by this module are as follows: + + debug - log more debugging info + audit - like debug, but also logs unknown usernames + use_first_pass - don't prompt the user for passwords; + take them from PAM_ items instead + try_first_pass - try to get the password from a previous + PAM module, fall back to prompting the user + use_authtok - like try_first_pass, but *fail* if the new + PAM_AUTHTOK has not been previously set. + (intended for stacking password modules only) + not_set_pass - don't make passwords used by this module + available to other modules. + nodelay - don't insert ~1 second delays on authentication + failure. + nullok - null passwords are allowed. + nonull - null passwords are not allowed. Used to + override the Samba configuration. + migrate - only meaningful in an "auth" context; + used to update smbpasswd file with a + password used for successful authentication. + smbconf=<file> - specify an alternate path to the smb.conf + file. + +See the samples/ directory for example PAM configurations using this +module. + +Thanks go to the following people: + +* Andrew Morgan <morgan@transmeta.com>, for providing the Linux-PAM +framework, without which none of this would have happened + +* Christian Gafton <gafton@redhat.com> and Andrew Morgan again, for the +pam_pwdb module upon which pam_smbpass was originally based + +* Luke Leighton <lkcl@switchboard.net> for being receptive to the idea, +and for the occasional good-natured complaint about the project's status +that keep me working on it :) + +* and of course, all the other members of the Samba team +<samba-bugs@samba.org>, for creating a great product and for giving this +project a purpose + +--------------------- +Stephen Langasek <vorlon@netexpress.net> |