From ef2e26c91b80556af033d3335e55f5dfa6fff31d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Aug 2003 01:53:07 +0000 Subject: first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) --- source4/pam_smbpass/samples/README | 3 +++ source4/pam_smbpass/samples/kdc-pdc | 15 +++++++++++++++ source4/pam_smbpass/samples/password-mature | 14 ++++++++++++++ source4/pam_smbpass/samples/password-migration | 18 ++++++++++++++++++ source4/pam_smbpass/samples/password-sync | 15 +++++++++++++++ 5 files changed, 65 insertions(+) create mode 100644 source4/pam_smbpass/samples/README create mode 100644 source4/pam_smbpass/samples/kdc-pdc create mode 100644 source4/pam_smbpass/samples/password-mature create mode 100644 source4/pam_smbpass/samples/password-migration create mode 100644 source4/pam_smbpass/samples/password-sync (limited to 'source4/pam_smbpass/samples') diff --git a/source4/pam_smbpass/samples/README b/source4/pam_smbpass/samples/README new file mode 100644 index 0000000000..d77603306f --- /dev/null +++ b/source4/pam_smbpass/samples/README @@ -0,0 +1,3 @@ +This directory contains example configurations demonstrating various uses +of pam_smbpass. These examples use Linux-style /etc/pam.d syntax, and +must be modified for use on Solaris systems. diff --git a/source4/pam_smbpass/samples/kdc-pdc b/source4/pam_smbpass/samples/kdc-pdc new file mode 100644 index 0000000000..70f1998f32 --- /dev/null +++ b/source4/pam_smbpass/samples/kdc-pdc @@ -0,0 +1,15 @@ +#%PAM-1.0 +# kdc-pdc +# +# A sample PAM configuration that shows pam_smbpass used together with +# pam_krb5. This could be useful on a Samba PDC that is also a member of +# a Kerberos realm. + +auth requisite pam_nologin.so +auth requisite pam_krb5.so +auth optional pam_smbpass.so migrate +account required pam_krb5.so +password requisite pam_cracklib.so retry=3 +password optional pam_smbpass.so nullok use_authtok try_first_pass +password required pam_krb5.so use_authtok try_first_pass +session required pam_krb5.so diff --git a/source4/pam_smbpass/samples/password-mature b/source4/pam_smbpass/samples/password-mature new file mode 100644 index 0000000000..6d73e0906f --- /dev/null +++ b/source4/pam_smbpass/samples/password-mature @@ -0,0 +1,14 @@ +#%PAM-1.0 +# password-mature +# +# A sample PAM configuration for a 'mature' smbpasswd installation. +# private/smbpasswd is fully populated, and we consider it an error if +# the smbpasswd doesn't exist or doesn't match the Unix password. + +auth requisite pam_nologin.so +auth required pam_unix.so +account required pam_unix.so +password requisite pam_cracklib.so retry=3 +password requisite pam_unix.so shadow md5 use_authtok try_first_pass +password required pam_smbpass.so use_authtok use_first_pass +session required pam_unix.so diff --git a/source4/pam_smbpass/samples/password-migration b/source4/pam_smbpass/samples/password-migration new file mode 100644 index 0000000000..305cb53858 --- /dev/null +++ b/source4/pam_smbpass/samples/password-migration @@ -0,0 +1,18 @@ +#%PAM-1.0 +# password-migration +# +# A sample PAM configuration that shows the use of pam_smbpass to migrate +# from plaintext to encrypted passwords for Samba. Unlike other methods, +# this can be used for users who have never connected to Samba shares: +# password migration takes place when users ftp in, login using ssh, pop +# their mail, etc. + +auth requisite pam_nologin.so +# pam_smbpass is called IFF pam_unix succeeds. +auth requisite pam_unix.so +auth optional pam_smbpass.so migrate +account required pam_unix.so +password requisite pam_cracklib.so retry=3 +password requisite pam_unix.so shadow md5 use_authtok try_first_pass +password optional pam_smbpass.so nullok use_authtok try_first_pass +session required pam_unix.so diff --git a/source4/pam_smbpass/samples/password-sync b/source4/pam_smbpass/samples/password-sync new file mode 100644 index 0000000000..0a950dd2e9 --- /dev/null +++ b/source4/pam_smbpass/samples/password-sync @@ -0,0 +1,15 @@ +#%PAM-1.0 +# password-sync +# +# A sample PAM configuration that shows the use of pam_smbpass to make +# sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) +# is changed. Useful when an expired password might be changed by an +# application (such as ssh). + +auth requisite pam_nologin.so +auth required pam_unix.so +account required pam_unix.so +password requisite pam_cracklib.so retry=3 +password requisite pam_unix.so shadow md5 use_authtok try_first_pass +password required pam_smbpass.so nullok use_authtok try_first_pass +session required pam_unix.so -- cgit