Gregg Lebovitz
2002-May-22 10:41 UTC
[Samba] using winbind in pam.d/system-auth, double prompts for password
I am using samba-2.2.3a and samb-2.2.4 in my windows-2000 environment and have the my linux systems configured to use winbind in addition to standard unix for authentication. The problem I am seeing is that linux services and programs that prompt for a password will prompt first for unix authentication and then a second time for winbind authentication. Is there anyway to using winbind and unix authentication without requiring two separate password prompts? My system-auth file contains: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so retry=3 typepassword sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so Gregg -------------- next part -------------- HTML attachment scrubbed and removed
Andrew Bartlett
2002-May-22 15:43 UTC
[Samba] using winbind in pam.d/system-auth, double prompts for password
> Gregg Lebovitz wrote: > > I am using samba-2.2.3a and samb-2.2.4 in my windows-2000 environment > and have the my linux systems configured to use winbind in addition to > standard unix for authentication. > > The problem I am seeing is that linux services and programs that > prompt for a password will prompt first for unix authentication and > then a second time for winbind authentication. > > Is there anyway to using winbind and unix authentication without > requiring two separate password prompts?as well as adding the 'use_first_pass' option to the pam_winbind.so lines, you would do well to ensure you are using all 2.2.4 components. I fixed up a *LOT* of the PAM stuff in HEAD, which Jeremy merged for the 2.2.4 release. In particular 'must change now' works, as does password changing. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
Possibly Parallel Threads
- using winbind in pam.d/system-auth, double prompts fo r password
- Correction - RE: using winbind in pam.d/system-auth, doub le prompts for password
- Samba 3 + LDAP on SuSE - how (missing /etc/pam.d/system-auth)
- winbind /etc/pam.d/system-auth
- winbind pam.d cofigurations