Bug 11147 - libpam_smbpass should support migrate on pam's password clause
libpam_smbpass should support migrate on pam's password clause
Status: RESOLVED WONTFIX
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
unspecified
All All
: P5 enhancement
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-10 18:05 UTC by isst
Modified: 2015-11-19 08:02 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description isst 2015-03-10 18:05:57 UTC
Please support use of option migration when using libpam_smbpass.so in password clause.

Current Behavior:

pam is usually configured using the following two lines to synchronize users and passwords:

auth         optional pam_smbpass.so migrate
password     optional pam_smbpass.so nullok use_authtok use_first_pass
 
The auth clause makes pam_smbpass executed at each and every login just to catch the first login of a new user and add him to the samba user database.
When omitting the auth clause password still get updated for existing samba users.


Desired Behavior:

pam can be configured with the following single line:

password     optional pam_smbpass.so nullok use_authtok use_first_pass migrate

samba users get created immedeatly at creation of the unix login, as usally there is a call to passwd involved. 

This currently isn't supported as pam_smbpass ignores the migrate option when used in the password clause.
Comment 1 Björn Jacke 2015-11-19 08:02:13 UTC
pam-smbpass will be dropped with samba 4.4. See als the thread "Remove
pam_smbpass module from Samba source code" from 2015 on samba-technical on the
topic.