Added Steve Langasek <vorlon@netexpress.net> pam_smbpass PAM module code.

Note: Still have to add build stuff - not ready yet. (This used to be commit 1de7022f98b64b15503aaf48c8d729789fc49781)
author: John Terpstra <jht@samba.org> 2001-04-24 20:00:12 +0000
committer: John Terpstra <jht@samba.org> 2001-04-24 20:00:12 +0000
commit: 2321514e9300ac85a1976318bae18a6b177f25c9 (patch)
tree: fe7bbb36aaba15deb9f13f3324c696cc06fd8a2d /source3/pam_smbpass/samples
parent: 61da9a7e939df69e3feb7d4854b42f72c132a21f (diff)
download: samba-2321514e9300ac85a1976318bae18a6b177f25c9.tar.gz
samba-2321514e9300ac85a1976318bae18a6b177f25c9.tar.bz2
samba-2321514e9300ac85a1976318bae18a6b177f25c9.zip
5 files changed, 65 insertions, 0 deletions
diff --git a/source3/pam_smbpass/samples/README b/source3/pam_smbpass/samples/README
new file mode 100644
index 0000000000..d77603306f
--- /dev/null
+++ b/source3/pam_smbpass/samples/README
@@ -0,0 +1,3 @@
+This directory contains example configurations demonstrating various uses
+of pam_smbpass.  These examples use Linux-style /etc/pam.d syntax, and
+must be modified for use on Solaris systems.
diff --git a/source3/pam_smbpass/samples/kdc-pdc b/source3/pam_smbpass/samples/kdc-pdc
new file mode 100644
index 0000000000..70f1998f32
--- /dev/null
+++ b/source3/pam_smbpass/samples/kdc-pdc
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# kdc-pdc
+# 
+# A sample PAM configuration that shows pam_smbpass used together with
+# pam_krb5.  This could be useful on a Samba PDC that is also a member of
+# a Kerberos realm.
+
+auth       requisite        pam_nologin.so
+auth       requisite        pam_krb5.so
+auth       optional         pam_smbpass.so migrate
+account    required         pam_krb5.so
+password   requisite        pam_cracklib.so retry=3
+password   optional         pam_smbpass.so nullok use_authtok try_first_pass
+password   required         pam_krb5.so use_authtok try_first_pass
+session    required         pam_krb5.so
diff --git a/source3/pam_smbpass/samples/password-mature b/source3/pam_smbpass/samples/password-mature
new file mode 100644
index 0000000000..6d73e0906f
--- /dev/null
+++ b/source3/pam_smbpass/samples/password-mature
@@ -0,0 +1,14 @@
+#%PAM-1.0
+# password-mature
+#
+# A sample PAM configuration for a 'mature' smbpasswd installation.
+# private/smbpasswd is fully populated, and we consider it an error if
+# the smbpasswd doesn't exist or doesn't match the Unix password.
+
+auth       requisite        pam_nologin.so
+auth       required         pam_unix.so
+account    required         pam_unix.so
+password   requisite        pam_cracklib.so retry=3
+password   requisite        pam_unix.so shadow md5 use_authtok try_first_pass
+password   required         pam_smbpass.so use_authtok use_first_pass
+session    required         pam_unix.so
diff --git a/source3/pam_smbpass/samples/password-migration b/source3/pam_smbpass/samples/password-migration
new file mode 100644
index 0000000000..305cb53858
--- /dev/null
+++ b/source3/pam_smbpass/samples/password-migration
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# password-migration
+#
+# A sample PAM configuration that shows the use of pam_smbpass to migrate
+# from plaintext to encrypted passwords for Samba.  Unlike other methods,
+# this can be used for users who have never connected to Samba shares:
+# password migration takes place when users ftp in, login using ssh, pop
+# their mail, etc.
+
+auth       requisite        pam_nologin.so
+# pam_smbpass is called IFF pam_unix succeeds.
+auth       requisite        pam_unix.so
+auth       optional         pam_smbpass.so migrate
+account    required         pam_unix.so
+password   requisite        pam_cracklib.so retry=3
+password   requisite        pam_unix.so shadow md5 use_authtok try_first_pass
+password   optional         pam_smbpass.so nullok use_authtok try_first_pass
+session    required         pam_unix.so
diff --git a/source3/pam_smbpass/samples/password-sync b/source3/pam_smbpass/samples/password-sync
new file mode 100644
index 0000000000..0a950dd2e9
--- /dev/null
+++ b/source3/pam_smbpass/samples/password-sync
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# password-sync
+#
+# A sample PAM configuration that shows the use of pam_smbpass to make
+# sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
+# is changed.  Useful when an expired password might be changed by an
+# application (such as ssh).
+
+auth       requisite        pam_nologin.so
+auth       required         pam_unix.so
+account    required         pam_unix.so
+password   requisite        pam_cracklib.so retry=3
+password   requisite        pam_unix.so shadow md5 use_authtok try_first_pass
+password   required         pam_smbpass.so nullok use_authtok try_first_pass
+session    required         pam_unix.so
author	John Terpstra <jht@samba.org>	2001-04-24 20:00:12 +0000
committer	John Terpstra <jht@samba.org>	2001-04-24 20:00:12 +0000
commit	2321514e9300ac85a1976318bae18a6b177f25c9 (patch)
tree	fe7bbb36aaba15deb9f13f3324c696cc06fd8a2d /source3/pam_smbpass/samples
parent	61da9a7e939df69e3feb7d4854b42f72c132a21f (diff)
download	samba-2321514e9300ac85a1976318bae18a6b177f25c9.tar.gz samba-2321514e9300ac85a1976318bae18a6b177f25c9.tar.bz2 samba-2321514e9300ac85a1976318bae18a6b177f25c9.zip