Please support use of option migration when using libpam_smbpass.so in password clause. Current Behavior: pam is usually configured using the following two lines to synchronize users and passwords: auth optional pam_smbpass.so migrate password optional pam_smbpass.so nullok use_authtok use_first_pass The auth clause makes pam_smbpass executed at each and every login just to catch the first login of a new user and add him to the samba user database. When omitting the auth clause password still get updated for existing samba users. Desired Behavior: pam can be configured with the following single line: password optional pam_smbpass.so nullok use_authtok use_first_pass migrate samba users get created immedeatly at creation of the unix login, as usally there is a call to passwd involved. This currently isn't supported as pam_smbpass ignores the migrate option when used in the password clause.
pam-smbpass will be dropped with samba 4.4. See als the thread "Remove pam_smbpass module from Samba source code" from 2015 on samba-technical on the topic.