samba - May 2002 - PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate SSH

Hello,

I'm currently running winbind (from Samba 2.2.3a) so that our
Windows users can ssh into our Linux box.  I've set up Samba,
PAM and winbind, and it's working well.  Users can see their
files, and they can log in using their windows usernames.  No
problem.

When users access their Samba share, they don't need
to reauthenticate, because they've already done so with
the PDC via their Windows box.

Is there a way to set up PAM so that authenticated Windows
users who ssh into the Linux box don't need to type a
password?  (This will make using CVS much easier)

I have looked at winbind, pam_smb_pass, pam_smb_auth and
pam_ntdom but can't seem to find any clearcut answer to
this question.

Any help you could give me would be most appreciated.

Regards,

Mitch.
--
mailto:mjd@alphalink.com.au

> Message: 15
> From: mjd@alphalink.com.au
> Reply-To: mjd@alphalink.com.au
> To: samba@lists.samba.org
> Date: Wed, 22 May 2002 14:14:10 +1000
> Subject: [Samba] PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to
authenticate SSH
> 
> Hello,
> 
> I'm currently running winbind (from Samba 2.2.3a) so that our
> Windows users can ssh into our Linux box.  I've set up Samba,
> PAM and winbind, and it's working well.  Users can see their
> files, and they can log in using their windows usernames.  No
> problem.
> 
> When users access their Samba share, they don't need
> to reauthenticate, because they've already done so with
> the PDC via their Windows box.
> 
> Is there a way to set up PAM so that authenticated Windows
> users who ssh into the Linux box don't need to type a
> password?  (This will make using CVS much easier)
> 
If you get them to generate ssh-keys, and put the public key in 
~/.ssh/authorized_keys on the server, then they won't need passwords. 
You will either:

1)Have to get ssh-agent working on windows (I haven't managed, but 
Putty's pageant does work, but that's not what you want for cvs)

2)Create keys without passphrases.

Just check the perms on ~/.ssh, ssh is quite sticky (for good reason). 
Must be 700 on ~/.ssh, and 600 on ~/.ssh/* except for ~/.ssh/*public*

Since we have Z: mapped as the home directory on our samba server, we 
set the HOME env variable on windows to Z:, which ensures that cygwin 
ssh uses the same .ssh as linux :-).
> I have looked at winbind, pam_smb_pass, pam_smb_auth and
> pam_ntdom but can't seem to find any clearcut answer to
> this question.
Has anyone thought of writing  a pam_ntlm (or something) module that 
would do the same? Or should pam_winbind handle this?

Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7