11147 – libpam_smbpass should support migrate on pam's password clause

Bug 11147 - libpam_smbpass should support migrate on pam's password clause

Summary: libpam_smbpass should support migrate on pam's password clause

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-10 18:05 UTC by isst
Modified:	2015-11-19 08:02 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description isst 2015-03-10 18:05:57 UTC

Please support use of option migration when using libpam_smbpass.so in password clause.

Current Behavior:

pam is usually configured using the following two lines to synchronize users and passwords:

auth         optional pam_smbpass.so migrate
password     optional pam_smbpass.so nullok use_authtok use_first_pass
 
The auth clause makes pam_smbpass executed at each and every login just to catch the first login of a new user and add him to the samba user database.
When omitting the auth clause password still get updated for existing samba users.


Desired Behavior:

pam can be configured with the following single line:

password     optional pam_smbpass.so nullok use_authtok use_first_pass migrate

samba users get created immedeatly at creation of the unix login, as usally there is a call to passwd involved. 

This currently isn't supported as pam_smbpass ignores the migrate option when used in the password clause.

Comment 1 Björn Jacke 2015-11-19 08:02:13 UTC

pam-smbpass will be dropped with samba 4.4. See als the thread "Remove
pam_smbpass module from Samba source code" from 2015 on samba-technical on the
topic.