On Wed, Feb 02, 2005 at 05:01:23PM +0000, Martin Orr wrote: > Package: wnpp > Severity: wishlist > Owner: Martin Orr <martin@martinorr.name> > Package name : libpam-smb > Version : 1.9.9+2.0.0-rc6 > Upstream Author : Dave Airlie <airlied@samba.org> > URL : http://www.csn.ul.ie/~airlied/pam_smb/ > License : GPL > Description : Pluggable Authentication Module authenticating from NT server > This is a PAM module, which can verify user passwords from Windows NT > servers. It differs from winbind in that it does not require you to have > administrative access to the NT domain in order to join it, and in that > it does not contain an NSS module to obtain user account information from > NT - only passwords. > This package is present in woody (version 1.1.6) but was removed in 2003 > following maintainer inactivity, and because Steve Langasek asserted that it > was obsolete. Certainly winbind is to be preferred in most circumstances > but I at least find this package useful because I am unable to get > administrative access to the relevant NT domain. Yes, I still stand by this assessment. The libpam-smb module offers no cryptographic trust, and deploying this authentication method instead of getting approval for a domain join from the admin risks compromising domain security policies without the admin's approval or awareness. It's also inherently unreliable. I don't think this code should be reintroduced to Debian. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature