summaryrefslogtreecommitdiff
path: root/source4/pam_smbpass/samples
diff options
context:
space:
mode:
Diffstat (limited to 'source4/pam_smbpass/samples')
-rw-r--r--source4/pam_smbpass/samples/README3
-rw-r--r--source4/pam_smbpass/samples/kdc-pdc15
-rw-r--r--source4/pam_smbpass/samples/password-mature14
-rw-r--r--source4/pam_smbpass/samples/password-migration18
-rw-r--r--source4/pam_smbpass/samples/password-sync15
5 files changed, 65 insertions, 0 deletions
diff --git a/source4/pam_smbpass/samples/README b/source4/pam_smbpass/samples/README
new file mode 100644
index 0000000000..d77603306f
--- /dev/null
+++ b/source4/pam_smbpass/samples/README
@@ -0,0 +1,3 @@
+This directory contains example configurations demonstrating various uses
+of pam_smbpass. These examples use Linux-style /etc/pam.d syntax, and
+must be modified for use on Solaris systems.
diff --git a/source4/pam_smbpass/samples/kdc-pdc b/source4/pam_smbpass/samples/kdc-pdc
new file mode 100644
index 0000000000..70f1998f32
--- /dev/null
+++ b/source4/pam_smbpass/samples/kdc-pdc
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# kdc-pdc
+#
+# A sample PAM configuration that shows pam_smbpass used together with
+# pam_krb5. This could be useful on a Samba PDC that is also a member of
+# a Kerberos realm.
+
+auth requisite pam_nologin.so
+auth requisite pam_krb5.so
+auth optional pam_smbpass.so migrate
+account required pam_krb5.so
+password requisite pam_cracklib.so retry=3
+password optional pam_smbpass.so nullok use_authtok try_first_pass
+password required pam_krb5.so use_authtok try_first_pass
+session required pam_krb5.so
diff --git a/source4/pam_smbpass/samples/password-mature b/source4/pam_smbpass/samples/password-mature
new file mode 100644
index 0000000000..6d73e0906f
--- /dev/null
+++ b/source4/pam_smbpass/samples/password-mature
@@ -0,0 +1,14 @@
+#%PAM-1.0
+# password-mature
+#
+# A sample PAM configuration for a 'mature' smbpasswd installation.
+# private/smbpasswd is fully populated, and we consider it an error if
+# the smbpasswd doesn't exist or doesn't match the Unix password.
+
+auth requisite pam_nologin.so
+auth required pam_unix.so
+account required pam_unix.so
+password requisite pam_cracklib.so retry=3
+password requisite pam_unix.so shadow md5 use_authtok try_first_pass
+password required pam_smbpass.so use_authtok use_first_pass
+session required pam_unix.so
diff --git a/source4/pam_smbpass/samples/password-migration b/source4/pam_smbpass/samples/password-migration
new file mode 100644
index 0000000000..305cb53858
--- /dev/null
+++ b/source4/pam_smbpass/samples/password-migration
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# password-migration
+#
+# A sample PAM configuration that shows the use of pam_smbpass to migrate
+# from plaintext to encrypted passwords for Samba. Unlike other methods,
+# this can be used for users who have never connected to Samba shares:
+# password migration takes place when users ftp in, login using ssh, pop
+# their mail, etc.
+
+auth requisite pam_nologin.so
+# pam_smbpass is called IFF pam_unix succeeds.
+auth requisite pam_unix.so
+auth optional pam_smbpass.so migrate
+account required pam_unix.so
+password requisite pam_cracklib.so retry=3
+password requisite pam_unix.so shadow md5 use_authtok try_first_pass
+password optional pam_smbpass.so nullok use_authtok try_first_pass
+session required pam_unix.so
diff --git a/source4/pam_smbpass/samples/password-sync b/source4/pam_smbpass/samples/password-sync
new file mode 100644
index 0000000000..0a950dd2e9
--- /dev/null
+++ b/source4/pam_smbpass/samples/password-sync
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# password-sync
+#
+# A sample PAM configuration that shows the use of pam_smbpass to make
+# sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
+# is changed. Useful when an expired password might be changed by an
+# application (such as ssh).
+
+auth requisite pam_nologin.so
+auth required pam_unix.so
+account required pam_unix.so
+password requisite pam_cracklib.so retry=3
+password requisite pam_unix.so shadow md5 use_authtok try_first_pass
+password required pam_smbpass.so nullok use_authtok try_first_pass
+session required pam_unix.so