[NTLUG:Discuss] WHAT PAM FILES!!!

Bryan J. Smith b.j.smith at ieee.org
Thu Dec 16 18:43:00 CST 2004 

I may be looking at this wrong,
but this is a different capability altogether than what you did before..

Before you just wanted VMWare to authenticate against traditional GLibC auth.
No problem, you just created the minimal PAM (to passwd/shadow) required so VMWare would work.
Because VMWare, a specific service, required PAM.
You were still using traditional UNIX authentication (just via PAM).

But now your talking about authenticating _any_ services against Winbindd.
That totally different.
Winbindd is essentially another PAM module _for_ authenticating services against.
Which means your services must already be PAM enabled to take advantage of winbindd.

Unless someone knows of a way to integrate Winbindd authentication into the traditional GLibC calls?
Other than NIS/NIS+ (not including Kerberos, which is a different  ballgame), I think you have to use PAM and PAM enabled services. 

-- 
Bryan J. Smith (currently mobile)
b.j.smith at ieee.org

-----Original Message-----
From:  ntlug at rain4us.net
Date:  04-12-16 15:10
To:  NTLUG Discussion List
Subj:  RE: [NTLUG:Discuss] WHAT PAM FILES!!!

> I don't want to discourage you,
> but if your distro isn't PAM enabled,
> you're going to have a lot of work in front of you.
>

Oh it's not discouragement.   I'm not trying to pam enable every %@$#%
thing..  I just want to provide PAM for the ONE app that needs it.  I've
done this once before on slackware...where I installed pam and created a
vmware-authd  file that contained

----
#%PAM-1.0
auth       required     /lib/security/pam_unix_auth.so shadow nullok
account    required     /lib/security/pam_unix_acct.so
----

Only, I know not which files exist in a standard /etc/pam.d direcotry, nor
do I know their contents.  I know not which file winbindd will be
using...etc.

It is my understanding that if SSH is not configured to use pam..then it
won't matter WHAT is in its ssh config file. In other words, only those
applications that are looking for PAM will find and use it....which is
fine by me!

Hey! if anyone out there would like to tar up their /etc/pam.d directory
and send it over...I think I'll be able to push my way through this. :) 
It will be a next step anyway.

BTW:  When upgrading from Samba 2.2.8a to Samba 3.0.9 (3.0.10 was released
today btw) on Slackware,  and IF you've compiled and installed them via
the source tarballs,  be careful to make sure that you are using the
correct path to your binaries.   2.2.8a uses /usr/local/samba/bin and
3.0.9 uses  /usr/local/samba/sbin.   It's amazing how ONE little character
can bite you in the butt.

-- 
Richard the unpamful Slacker.

_______________________________________________
https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list