The Samba-Bugzilla – Bug 11147
libpam_smbpass should support migrate on pam's password clause
Last modified: 2015-11-19 08:02:13 UTC
Please support use of option migration when using libpam_smbpass.so in password clause.
pam is usually configured using the following two lines to synchronize users and passwords:
auth optional pam_smbpass.so migrate
password optional pam_smbpass.so nullok use_authtok use_first_pass
The auth clause makes pam_smbpass executed at each and every login just to catch the first login of a new user and add him to the samba user database.
When omitting the auth clause password still get updated for existing samba users.
pam can be configured with the following single line:
password optional pam_smbpass.so nullok use_authtok use_first_pass migrate
samba users get created immedeatly at creation of the unix login, as usally there is a call to passwd involved.
This currently isn't supported as pam_smbpass ignores the migrate option when used in the password clause.
pam-smbpass will be dropped with samba 4.4. See als the thread "Remove
pam_smbpass module from Samba source code" from 2015 on samba-technical on the