Re: Samba and PAM
Hey man,
it depends a bit on the solution you are going to use.
If you could give a few more details...
A short while ago I had to integrate a Samba server with an AD domain. For that I used
a trio of samba + openldap + PAM.
Using samba + Winbind + PAM would also work.
Normally, when you install samba via APT (at least on Debian), it already
includes the packages needed for PAM support and integration.
You can see a very useful list at the link below:
http://www.zago.eti.br/A-menu-samba.html
Taken from the Samba website:
Pluggable Authentication Modules - PAM
Pluggable Authentication Modules, also known as PAM, is a system for
abstracting authentication and authorization technologies. With a PAM module
it is possible to specify different authentication methods for different
system applications without having to recompile these applications. PAM is
also useful for implementing a particular policy for authorization. For
example, a system administrator may only allow console logins from users
stored in the local password file but only allow users resolved from a NIS
database to log in over the network.
Winbind uses the authentication management and password management PAM
interface to integrate Windows NT users into a UNIX system. This allows
Windows NT users to log in to a UNIX machine and be authenticated against a
suitable Primary Domain Controller. These users can also change their
passwords and have this change take effect directly on the Primary Domain
Controller.
PAM is configured by providing control files in the directory /etc/pam.d/ for
each of the services that require authentication. When an authentication
request is made by an application, the PAM code in the C library looks up
this control file to determine what modules to load to do the authentication
check and in what order. This interface makes adding a new authentication
service for Winbind very easy. All that needs to be done is that the
pam_winbind.so module is copied to /lib/security/ and the PAM control files
for relevant services are updated to allow authentication via Winbind. See
the PAM documentation in PAM-Based Distributed Authentication for more
information.
User and Group ID Allocation
When a user or group is created under Windows NT/200x it is allocated a
numerical relative identifier (RID). This is slightly different from UNIX
which has a range of numbers that are used to identify users, and the same
range in which to identify groups. It is Winbind's job to convert RIDs to
UNIX ID numbers and vice versa. When Winbind is configured, it is given part
of the UNIX user ID space and a part of the UNIX group ID space in which to
store Windows NT users and groups. If a Windows NT user is resolved for the
first time, it is allocated the next UNIX ID from the range. The same process
applies for Windows NT groups. Over time, Winbind will have mapped all
Windows NT users and groups to UNIX user IDs and group IDs.
The results of this mapping are stored persistently in an ID mapping database
held in a tdb database. This ensures that RIDs are mapped to UNIX IDs in a
consistent way.
I hope this helped; if you need anything, post here!
Cheers,
--
Guilherme Rocha
Systems and Services Analyst
Sul Soluções Informática Ltda.
http://www.sulsolucoes.com.br
+55-71-240-2026/240-3975
On Mon 02 May 2005 23:07, caio ferreira wrote:
> All
>
> Would anyone happen to have any text about the integration between Samba and
> PAM? I found information on the Samba site itself, but a question came up:
> which PAM package should I install, would it be libpam-smbpass?
>
> Thanks in advance for your attention.
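
Added example (not part of the original message or of the Samba documentation it quotes): the quoted text says PAM reads a per-service control file in /etc/pam.d/ to decide which modules to load and in what order. This Python sketch parses such a file and reports where pam_winbind.so sits in each stack; the sample file contents and the function names parse_pam and winbind_position are constructed for illustration.

```python
import re

# Constructed sample of a Debian-style /etc/pam.d service file (not from the post).
SAMPLE_SSHD = """\
# /etc/pam.d/sshd (constructed sample)
auth    [success=2 default=ignore]  pam_unix.so nullok
auth    [success=1 default=ignore]  pam_winbind.so krb5_auth \\
        cached_login try_first_pass
auth    requisite                   pam_deny.so
auth    required                    pam_permit.so
account sufficient                  pam_winbind.so
account required                    pam_unix.so
-session optional                   pam_systemd.so
@include common-password
"""

LINE_RE = re.compile(
    r"^(-?)(auth|account|password|session)\s+"   # management group, optional '-'
    r"(\[[^\]]*\]|\S+)\s+"                        # simple or [value=action] control
    r"(\S+)\s*(.*)$"                              # module path and its arguments
)

def parse_pam(text):
    """Return (rules, includes); rules keep file order, which is evaluation order."""
    joined = re.sub(r"\\\n\s*", " ", text)        # fold backslash continuations
    rules, includes = [], []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):           # Debian-style include directive
            includes.append(line.split()[1])
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed PAM line: {raw!r}")
        rules.append({"type": m.group(2), "control": m.group(3),
                      "module": m.group(4).rsplit("/", 1)[-1],
                      "args": m.group(5).split()})
    return rules, includes

def winbind_position(rules, mgmt="auth"):
    """1-based position of pam_winbind.so in one stack, or None if absent."""
    stack = [r["module"] for r in rules if r["type"] == mgmt]
    return stack.index("pam_winbind.so") + 1 if "pam_winbind.so" in stack else None

if __name__ == "__main__":
    rules, includes = parse_pam(SAMPLE_SSHD)
    print(includes, [(r["type"], r["module"]) for r in rules], winbind_position(rules))
```

Point parse_pam at the text of a real service file to see which stacks consult Winbind and which shared files still need to be followed through @include.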