When installed, the pam_smbfs_login.so.1 module enables you to store a persistent password the same as if you had run the smbutil login command for PAM_USER in the user's or system's default domain.
This optional functionality is meant to be used only in environments that do not run Active Directory or Kerberos, but which synchronize passwords between Solaris clients and their CIFS/SMB servers.
For more information, see the pam_smbfs_login(5) man page.
Use your login name and password to store a persistent password.
Add the following line to the /etc/pam.conf file after the other login entries:
login auth optional pam_smbfs_login.so.1 |
This action adds a persistent password entry as if you had run the smbutil login command.
The PAM module implements a privilege to permit it to run as superuser to store your password.
Verify that your persistent password is stored.
$ smbutil login -c user |
The following example shows how the domain is chosen. The system default is WORKGROUP. The WORKGROUP domain is overridden by any default from SMF, and finally by any default from the user's .nsmbrc file.
This example shows a default domain in SMF and for user terry:
# sharectl set -p section=default -p domain=AAA smbfs # sharectl get smbfs [default] domain=AAA |
A root login uses the domain from SMF:
# smbutil login -c terry Keychain entry exists for AAA/terry. |
A login as terry uses the domain from the ~terry/.nsmbrc file:
$ ls /.nsmbrc /.nsmbrc: No such file or directory $ cat ~/.nsmbrc [default] domain=MYDOMAIN $ ls -l ~/.nsmbrc -rw-r--r-- 1 terry staff 26 Feb 13 10:15 /home/terry/.nsmbrc $ smbutil login terry Keychain entry exists for MYDOMAIN/terry. |
If Terry puts a password in ~terry/.nsmbrc, he must remove read permission. Also, because Terry's home directory is on an NFS server, the PAM module running as root cannot access Terry's file, so Terry would see the following and use the SMF domain instead:
$ chmod 400 .nsmbrc $ logout solarsystem console login: terry Password: Can't open /home/terry/.nsmbrc: Permission denied $ su Password: # smbutil login -c terry Keychain entry exists for AAA/terry. |