This optional functionality is meant to be used only in environments that do not run Active Directory or Kerberos, but which synchronize passwords between Solaris clients and their CIFS/SMB servers.
This module permits the login password to be stored as if the smbadm(1M) add-key command was used to store a password for PAM_USER in the user or system default domain.
To use this functionality, add the following line to the /etc/pam.d/login file:
auth optional pam_smbfs_login.so.1
The pam_sm_setcred(3PAM) function accepts the following flags:
Stores the authentication token for PAM_USER in the same manner as the smbadm(1M) add-key command.
Deletes the stored password for PAM_USER in the same manner as the smbadm(1M) remove-key command.
The following options can be passed to the pam_smbfs_login module:
Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.
Suppresses warning messages.
Upon successful completion of pam_sm_setcred(3PAM), PAM_SUCCESS is returned. The following error codes are returned upon error:
User is unknown.
Password is bad.
Domain is bad.
See attributes(5) for descriptions of the following attribute:
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.