P. 1


|Views: 167|Likes:
Publicado porNurul Istiqomah

More info:

Published by: Nurul Istiqomah on Dec 14, 2010
Direitos Autorais:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Pluggable Authentication Modules (PAM) provide a method of increasing flexibility in
authentication methods. It’s a complex issue that’s best covered by the documentation
that comes with PAM itself. In short,having PAM support in an application means you
can pick and choose authentication methods and databases without having to recompile
the application. The PAM module takes care of that.

You can verify whether your Samba installation has been compiled with the --with-pam
option by using ldd:

[root@server root]$ ldd /usr/sbin/smbd
libnsl.so.1 => /lib/libnsl.so.1 (0x40018000)
libreadline.so.3 => /usr/lib/libreadline.so.3 (0x4002f000)
libdl.so.2 => /lib/libdl.so.2 (0x40051000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40054000)
libpam.so.0 => /lib/libpam.so.0 (0x40081000) << here it is
libc.so.6 => /lib/libc.so.6 (0x40089000)
libtermcap.so.2 => /lib/libtermcap.so.2 (0x4017c000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
[root@server root]$

This shows that PAM is compiled into this version of Samba,and here’s the related
Samba config file for PAM:

[root@server root]# cat /etc/pam.d/samba
auth required /lib/security/pam_pwdb.so nullok shadow
account required /lib/security/pam_pwdb.so
[root@server root]#

Here’s the master configuration file for PAM for a Red Hat system:

[root@server root]# cat /etc/pam.d/login

Creating a Turnkey Samba System



18 8628 CH15 3/17/00 1:39 PM Page 440

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so
[root@server root]#

pam_smbinformationfrom www.csn.ul.ie/~airlied/pam_smb/can be used to see how
PAM works with the SMB protocol.

The pam_ntdompagecan be found at http://core.ring.gr.jp/pub/net/samba/

pam_ntdom/. It allows UNIX/Linux users to authenticate using an NT domain controller.
Although this may seem like an unusual use,it performs a valuable function in reducing
or consolidating separate user account databases.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->