pam_smbfs_login - PAM user credential authentication module for SMB/CIFS client login
The pam_smbfs_login module implements pam_sm_setcred(3PAM) to provide functions that act equivalently to the smbadm(8) add-key command.
This optional functionality is meant to be used only in environments that do not run Active Directory or Kerberos, but which synchronize passwords between Solaris clients and their CIFS/SMB servers.
This module permits the login password to be stored as if the smbadm(8) add-key command was used to store a password for PAM_USER in the user or system default domain.
To use this functionality, an entry similar to the following line would be added to the end of the existing authentication PAM stack in the appropriate /etc/pam.d/_service_ file file:
auth optional pam_smbfs_login.so.1
To apply this to console logins, for example the /etc/pam.d/login file would be modified.
Authentication service modules must implement both pam_sm_authenticate(3PAM) and pam_sm_setcred(3PAM).
The pam_sm_setcred(3PAM) function accepts the following flags:
Stores the authentication token for PAM_USER in the same manner as the smbadm(8) add-key command.
Deletes the stored password for PAM_USER in the same manner as the smbadm(8) remove-key command.
The following options can be passed to the pam_smbfs_login module:
Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.
Suppresses warning messages.
Upon successful completion of pam_sm_authenticate(3PAM), PAM_IGNORE is returned. The following error codes are returned upon error:
Unable to retrieve authentication token.
Unable to allocate memory.
Upon successful completion of pam_sm_setcred(3PAM), PAM_SUCCESS is returned. The following error codes are returned upon error:
User is unknown.
Invalid SMB password.
Invalid SMB domain.
See attributes(7) for descriptions of the following attribute:
syslog(3C), libpam(3LIB), pam(3PAM), pam_setcred(3PAM), pam_sm(3PAM), pam_sm_authenticate(3PAM), pam_sm_chauthtok(3PAM), pam_sm_setcred(3PAM), smbfs(4FS), pam.conf(5), attributes(7), smbadm(8)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.