Re: Building a custom auth back-end.
I may be wrong, but... If you really can't install PAM on some systems, I think making a library that masquerades as PAM might be the easiest way. The interface PAM exports to PAM clients is not very complicated, so making a pretend PAM would be a lot easier than making PAM from scratch. make your pretend PAM connect directly to your authentication server and you're done. - Ben
Re: Building a custom auth back-end.
On Fri, 2003-01-10 at 08:41, Christopher R. Hertel wrote: Abartlet, et. al., I've been asked to check on something. I haven't been working with this aspect of the authentication code in Samba so I need a little guidance. Question: How hard is it, if we're *not* using PAM, to build a custom authentication back-end for Samba? Not too hard, for Samba 3.0 The reason that we (the University, where I work) are not using PAM is that there are a lot of servers out there on all sorts of platforms. Some use PAM, some don't. A general solution would need to work without. The authentication database is a big central system. It can do RADIUS and LDAP and a few other schemes, but RADIUS is preferred. It already stores NTLMv1 hashes. To give you an idea of scale (and why this is an interesting project), the central database has on the order of 130,000 user entries. We're a big shop, in some ways, a lot of little shops in others. Anyway, the goal is to let Windows users connect to Samba servers, authenticating against the central database. I think it should be easy to do, if we have the hooks to do it. I think I remember someone saying we have such hooks. As you know, my head has been burried in my book so I'm a little lost with regard to such things. You really should just use the 'normal' pdb_ldap stuff, unless you have a *really* good reason not to. Because there is much more involved than just getting the auth - we need the user in the SAM anyway. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Building a custom auth back-end.
Abartlet, et. al., I've been asked to check on something. I haven't been working with this aspect of the authentication code in Samba so I need a little guidance. Question: How hard is it, if we're *not* using PAM, to build a custom authentication back-end for Samba? The reason that we (the University, where I work) are not using PAM is that there are a lot of servers out there on all sorts of platforms. Some use PAM, some don't. A general solution would need to work without. The authentication database is a big central system. It can do RADIUS and LDAP and a few other schemes, but RADIUS is preferred. It already stores NTLMv1 hashes. To give you an idea of scale (and why this is an interesting project), the central database has on the order of 130,000 user entries. We're a big shop, in some ways, a lot of little shops in others. Anyway, the goal is to let Windows users connect to Samba servers, authenticating against the central database. I think it should be easy to do, if we have the hooks to do it. I think I remember someone saying we have such hooks. As you know, my head has been burried in my book so I'm a little lost with regard to such things. Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]