From fce14ea7cc16c6a456bf90ffbb0f9950acbc09a2 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sun, 1 Jun 2003 00:28:21 +0000 Subject: Another update / edit. Still working on this. (This used to be commit 62644afa90ef2cc4723b8d4cac010b4d0b8341c9) --- docs/docbook/projdoc/PAM-Authentication-And-Samba.xml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'docs/docbook/projdoc') diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml index b609e3243c..e61e65ed01 100644 --- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml @@ -244,7 +244,7 @@ Once we have explained the meaning of the above tokens, we will describe this me token associated with the user. Typically, there is one module for each `challenge/response' based authentication (auth) module-type. - + control-flag- @@ -271,7 +271,7 @@ Once we have explained the meaning of the above tokens, we will describe this me - required: this indicates that the success of the module is required for the + required: this indicates that the success of the module is required for the module-type facility to succeed. Failure of this module will not be apparent to the user until all of the remaining modules (of the same module-type) have been executed. @@ -301,7 +301,7 @@ Once we have explained the meaning of the above tokens, we will describe this me However, in the absence of any definite successes or failures of previous or subsequent stacked modules this module will determine the nature of the response to the application. One example of this latter case, is when the other modules return something like PAM_IGNORE. - + @@ -372,6 +372,7 @@ Once we have explained the meaning of the above tokens, we will describe this me terms of the [...] syntax. They are as follows: + required is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=bad] @@ -389,6 +390,7 @@ Once we have explained the meaning of the above tokens, we will describe this me optional is equivalent to [success=ok new_authtok_reqd=ok default=ignore] + Just to get a feel for the power of this new syntax, here is a taste of what you can do with it. With Linux-PAM-0.63, @@ -398,6 +400,7 @@ Once we have explained the meaning of the above tokens, we will describe this me to support binary prompts with compliant clients, but to gracefully fall over into an alternative authentication mode for older, legacy, applications. + module-path- @@ -438,7 +441,7 @@ squid auth required pam_mysql.so user=passwd_query passwd=mada \ Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the side of caution) to make the authentication process fail. A corresponding error is written to the system log files with a call to syslog(3). - + @@ -571,6 +574,8 @@ life though, every decision makes trade-offs, so you may want examine the PAM documentation for further helpful information. + + PAM Configuration in smb.conf @@ -640,7 +645,7 @@ to determine which user and group ids correspond to Windows NT user and group ri -Password Synchronisation using pam_smbpass.so +Password Synchronization using pam_smbpass.so pam_smbpass is a PAM module which can be used on conforming systems to @@ -664,7 +669,7 @@ recommended that you use pam_winbind instead. Options recognized by this module are as follows: - Options recognized by pam_mkpass + Options recognized by pam_smbpass debuglog more debugging info @@ -800,9 +805,11 @@ password optional pam_smbpass.so nullok use_authtok try_first_pass password required pam_krb5.so use_authtok try_first_pass session required pam_krb5.so + + -- cgit