[NTLUG:Discuss] WHAT PAM FILES!!!
Bryan J. Smith
b.j.smith at ieee.org
Fri Dec 17 13:51:25 CST 2004
Again, I might be wrong, but I think you are confused on what Winbindd does.
VMWare used PAM _for_ authentication _itself_.
Winbindd is a PAM authentication option for _any_other_ service.
So you're not creating a PAM file for Winbindd.
You're modifying the PAM files _for_ various services so they can authenticate _against_ Winbindd.
Winbindd isn't an end-user service like SSH, VMWare, etc...
It is a PAM authentication option like traditional passwd/shadow, LDAP, GSSAPI, etc...
--
Bryan J. Smith (currently mobile)
b.j.smith at ieee.org
-----Original Message-----
From: ntlug at rain4us.net
Date: 04-12-17 10:06
To: NTLUG Discussion List
Subj: RE: [NTLUG:Discuss] WHAT PAM FILES!!!
> I think the problem is that he has 0 PAM files to start with.
> Before he was just adding 1, configuring VMWare to use traditional UNIX
> auth.
YES!! YOU'VE GOT IT! VMWARE is the only PAM enabled application that is
running on that particular server. VMware instructions supplied the
/etc/pam.d/$FILENAME and the contents of $_.
Now I'm on a completely different server..and WINBINDD needs to
authenticate via PAM. ...and you are correct....
> But now he wants to add Winbindd as a PAM option.
> So he'll have to create _all_ applicable PAM files for _all_ services that
> need to authenticate against Winbindd.
Yes. I need a list of file names that belong in /etc/pam.d. Which
pam.d/filenames does winbindd call? What should the contents of the pam.d
files be?
> (and do the services need to be rebuilt for PAM too?)
Other than the winbindd service...I don't see what else would need to be
pam enabled. The fewer PAM services available, the better off things are.
> But if he is looking to authenticate against a CIFS/ADS domain, that's
> what is required AFAIK.
Which I am...which it is. I went to dropline gnome..but they didn't
have a 'list' of pam files in the /etc/pam.d directory. OHOH OH OH!! I
just remembered that I have two customers that have Application servers
that run RH9.0! I'll go there!!! PHEW.. I wish I'd have thought about
that sooner!
> I've had PAM distros as a crutch, so I may be totally off-the-mark.
I'd *rather* not use PAM...but it looks like I'm forced into it if I want
the Samba 3.0.9 domain to provide *unix user/group* authentication on
systems without *posix* accounts.
I'll let everyone know how it turns out.
--
Richard, the PAMless
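
Added example, not part of the original messages: the point above, that files in /etc/pam.d are named for the services and pam_winbind.so is a module referenced inside them, shown as a shell check that reports which service stacks call a given module. The function names, the sample service files and the /lib/security path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PAM service files reference a given module.
# Files in /etc/pam.d are named after the service (sshd, login, ...);
# pam_winbind.so shows up inside them as one module in the stack.

# pam_module_users DIR MODULE
# Prints "service type control" for each rule in DIR/* whose module field
# is MODULE, given either as a bare name or as a full path.
pam_module_users() {
    dir=$1 module=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        svc=$(basename "$f")
        sed 's/#.*//' "$f" | awk -v svc="$svc" -v mod="$module" '
            NF >= 3 {
                i = 2   # index of the last field of the control column
                if ($2 ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
                ctl = $2
                for (j = 3; j <= i; j++) ctl = ctl " " $j
                n = split($(i + 1), p, "/")
                if (p[n] == mod) print svc, $1, ctl
            }'
    done
}

# Constructed sample tree (not from the thread): sshd consults winbind
# first and falls back to passwd/shadow; login uses passwd/shadow only.
make_sample_pamd() {
    mkdir -p "$1"
    cat > "$1/sshd" <<'EOF'
auth     sufficient  pam_winbind.so
auth     required    pam_unix.so use_first_pass
account  sufficient  /lib/security/pam_winbind.so
account  required    pam_unix.so
EOF
    cat > "$1/login" <<'EOF'
auth     [success=ok default=bad]  pam_unix.so   # bracketed control form
account  required                  pam_unix.so
EOF
}

tmp=$(mktemp -d)
make_sample_pamd "$tmp"
pam_module_users "$tmp" pam_winbind.so
rm -rf "$tmp"
```

Pointing `pam_module_users` at the real /etc/pam.d gives the list of services that would accept domain credentials, which is the set to keep as small as possible.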