From 87767df909e2c9970c230ab5a9eb0fd045afd32b Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sun, 1 Jun 2003 01:11:52 +0000 Subject: More edits. (This used to be commit 57b0e6b680eab9d580a835439ee1535033fbc81c) --- .../projdoc/PAM-Authentication-And-Samba.xml | 30 +++++++++++++++------- docs/docbook/projdoc/PolicyMgmt.xml | 2 +- docs/docbook/projdoc/winbind.xml | 2 +- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml index e61e65ed01..fd3c369580 100644 --- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml @@ -7,7 +7,7 @@
vorlon@netexpress.net
- (Jun 21 2001) + May 31, 2003 PAM based Distributed Authentication @@ -25,6 +25,10 @@ In addition to knowing how to configure winbind into PAM, you will learn generic possibilities and in particular how to deploy tools like pam_smbpass.so to your adavantage. + +The use of Winbind require more than PAM configuration alone. Please refer to: + + Features and Benefits @@ -178,7 +182,9 @@ auth required /other_path/pam_strange_module.so The remaining information in this subsection was taken from the documentation of the Linux-PAM -project. +project. For more information on PAM, see + +http://ftp.kernel.org/pub/linux/libs/pam The Official Linux-PAM home page. @@ -460,6 +466,9 @@ of the login process. Essentially all conditions can be disabled by commenting them out except the calls to pam_pwdb.so. + +PAM: original login config + #%PAM-1.0 # The PAM configuration file for the `login' service @@ -477,6 +486,11 @@ session required pam_pwdb.so password required pam_pwdb.so shadow md5 + + + +PAM: login using pam_smbpass + PAM allows use of replacable modules. Those available on a sample system include: @@ -574,10 +588,12 @@ life though, every decision makes trade-offs, so you may want examine the PAM documentation for further helpful information. + + -PAM Configuration in smb.conf +smb.conf PAM Configuration There is an option in smb.conf called -When Samba is configured to enable PAM support (i.e. +When Samba-3 is configured to enable PAM support (i.e. ), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior @@ -604,7 +620,7 @@ password encryption. -Authentication off a remote CIFS Server using winbindd.so +Remote CIFS Authentication using winbindd.so All operating systems depend on the provision of users credentials accecptable to the platform. @@ -655,10 +671,6 @@ under some Unices, such as Solaris, HPUX and Linux, that provides a generic interface to authentication mechanisms. - - For more information on PAM, see The linux PAM homepage. - - This module authenticates a local smbpasswd user database. If you require support for authenticating against a remote SMB server, or if you're diff --git a/docs/docbook/projdoc/PolicyMgmt.xml b/docs/docbook/projdoc/PolicyMgmt.xml index 062109bc31..cc05e07886 100644 --- a/docs/docbook/projdoc/PolicyMgmt.xml +++ b/docs/docbook/projdoc/PolicyMgmt.xml @@ -438,7 +438,7 @@ reboot and as part of the user logon: Common Errors -Stuff goes here. +Stuffgoes here. diff --git a/docs/docbook/projdoc/winbind.xml b/docs/docbook/projdoc/winbind.xml index f78f74f780..4b2951805e 100644 --- a/docs/docbook/projdoc/winbind.xml +++ b/docs/docbook/projdoc/winbind.xml @@ -22,7 +22,7 @@ 27 June 2002 -Unified Logons between Windows NT and UNIX using Winbind +Integrated Logon Support using Winbind Features and Benefits -- cgit