The pam_smb_passwd module enhances the PAM password management stack. This functionality supports the changing or adding of SMB passwords for local Solaris users. The Solaris SMB server uses SMB passwords to authenticate connected Solaris users. This module includes the pam_sm_chauthtok(3PAM) function.
The pam_sm_chauthtok() function accepts the following flags:
Always returns PAM_IGNORE.
Updates or creates a new SMB local LM/NTLM hash for the user that is specified in PAM_USER by using the authentication information found in PAM_AUTHTOK. The LM hash is only created if the smbd/lmauth_level property value of the smb/server service is set to 3 or less. PAM_IGNORE is returned if the user is not in the local /etc/passwd repository.
The following options can be passed to the pam_smb_passwd module:
Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.
Suppresses warning messages.
Stores SMB passwords for Solaris users.
Upon successful completion of pam_sm_chauthtok(), PAM_SUCCESS is returned. The following error codes are returned upon error:
Authentication token manipulation error
SMB password file is locked
Permissions are insufficient for accessing the SMB password file
User is unknown
See the attributes(5) man page for descriptions of the following attributes:
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_smb_passwd.so.1 module should be stacked following all password qualification modules in the PAM password stack.