Go to main content

Managing SMB File Sharing and Windows Interoperability in Oracle® Solaris 11.3

Exit Print View

Updated: December 2017
 
 

About Persistent Passwords

Interactions with an SMB file server require authentication. For instance, when you view the shares available on an SMB server or you try to mount a share on your system, the transaction is authenticated.

You can supply the password each time that you make a connection to the server, or you can store a persistent password to be automatically used for these transactions.


Note -  A persistent password is not needed when Kerberos is configured on the client and server and you have a Kerberos ticket-granting ticket (TGT). In such configurations, you can view and mount shares without specifying a password.

Storing SMB Persistent Passwords

You can store a persistent password for each user on the SMB server that you use to access shares.

The password you store persists until the smbadm remove-key command is run for the user.

To store the persistent password for the SMB server, type the following command:

$ smbadm add-key [-u username]

You can specify the user name as a single name or use a format such as domain\username or username@domain.

The following command stores the persistent password for user1@solarsystem. Each time user1 performs a transaction with solarsystem, the persistent password is used to perform the authentication.

$ smbadm add-key -u user1@solarsystem
Password for SOLARSYSTEM/user1:

Configuring the PAM Module to Store an SMB Persistent Password

When installed, the pam_smbfs_login.so.1 module enables you to store a persistent password as if you had run the smbadm add-key command for PAM_USER in the user's or system's default domain.

This optional functionality is meant to be used only in environments that do not run AD or Kerberos, but which synchronize passwords between Oracle Solaris clients and their SMB servers.

Use your login name and password to store a persistent password.

Add the following line to the end of the /etc/pam.d/login file:

auth optional           pam_smbfs_login.so.1

This action adds a persistent password entry whenever a user logs into the system, as if they had run the smbadm add-key command.


Note -  The PAM module implements a privilege to permit it to run as superuser to store your password.

For more information, see the pam_smbfs_login(5) man page.

Deleting an SMB Persistent Password

You can delete persistent passwords that are stored by the smbadm add-key command.

To delete a single persistent password that was created by the user running the smbadm remove-key command, type the following command:

$ smbadm remove-key -u username

For example, the following command removes the persistent password for user1@solarsystem:

$ smbadm remove-key -u user1@solarsystem

To delete all persistent passwords that were created by the user running the smbadm remove-key command, type:

$ smbadm remove-key

For example, when user mary runs the command, he removes all of the persistent passwords that he created. After the passwords are deleted, the user is prompted for a password each time that he or she performs an SMB transaction.