Standards, Environments, and Macros            pamsmbfslogin(5)



NAME
     pamsmbfslogin - PAM user credential authentication  module
     for SMB/CIFS client login

SYNOPSIS
     pamsmbcred.so.1


DESCRIPTION
     The pamsmbfslogin module  implements  pamsmsetcred(3PAM)
     to provide functions that act equivalently to the smbutil(1)
     login command.


     This optional functionality is meant  to  be  used  only  in
     environments  that  do not run Active Directory or Kerberos,
     but which synchronize passwords between Solaris clients  and
     their CIFS/SMB servers.


     This module permits the login password to be  stored  as  if
     the  smbutil(1)  login  command was used to store a password
     for PAMUSER in the user  or  system  default   domain.  The
     choice of default domain is the first of the following:
       -Domain entry specified in the  default   section  of  the
       $HOME/.nsmbrc file, if readable.
       -Domain entry specified in the default  section  shown  by
       the sharectl get smbfs command.
       -String WORKGROUP.


     Because pamsmbfslogin runs as root during the  login  pro-
     cess,  a $HOME/.nsmbrc file accessed through NFS may only be
     readable if the file permits reads by others. This conflicts
     with  the requirement that passwords stored in $HOME/.nsmbrc
     are ignored when permissions are open.


     To use this functionality,  add the following  line  to  the
     /etc/pam.conf file:

       login  auth optional    pamsmbfslogin.so.1



     Authentication   service   modules   must   implement   both
     pamsmauthenticate(3PAM)  and pamsmsetcred(3PAM). In this
     module, pamsmauthenticate(3PAM) always returns PAMIGNORE.


     The  pamsmsetcred(3PAM)  function  accepts  the  following
     flags:



SunOS 5.11          Last change: 25 Sep 2008                    1






Standards, Environments, and Macros            pamsmbfslogin(5)



     PAMREFRESHCRED

         Returns PAMIGNORE.


     PAMSILENT

         Suppresses messages.


     PAMESTABLISHCRED
     PAMREINITIALIZECRED

         Stores the authentication token for PAMUSER in the same
         manner as the smbutil(1) login command.


     PAMDELETECRED

         Deletes the stored password for  PAMUSER  in  the  same
         manner as the smbutil(1) logout command.



     The following options can be passed to  the  pamsmbfslogin
     module:

     debug

         Produces  syslog(3C)  debugging   information   at   the
         LOGAUTH or LOGDEBUG level.


     nowarn

         Suppresses warning messages.


FILES
     $HOME/.nsmbrc               Find default domain, if present.


ERORS
     Upon   successful   completion   of    pamsmsetcred(3PAM),
     PAMSUCES  is   returned.  The  following  error codes are
     returned upon error:

     PAMUSERUNKNOWN

         User is unknown.





SunOS 5.11          Last change: 25 Sep 2008                    2






Standards, Environments, and Macros            pamsmbfslogin(5)



     PAMAUTHTOKER

         Password is bad.


     PAMAUTHER

         Domain is bad.


     PAMSYSTEMER

         System error.


ATRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     bute:



     
            ATRIBUTE TYPE               ATRIBUTE VALUE      
    
     Interface Stability           Committed                  
    
     MT Level                      MT-Safe with exceptions    
    


SEE ALSO
     smbutil(1),     syslog(3C),     libpam(3LIB),     pam(3PAM),
     pamsetcred(3PAM),  pamsm(3PAM), pamsmauthenticate(3PAM),
     pamsmchauthtok(3PAM),  pamsmsetcred(3PAM),  pam.conf(4),
     attributes(5), smbfs(7FS)

NOTES
     The interfaces in libpam(3LIB) are  MT-Safe  only   if  each
     thread  within  the  multi-threaded application uses its own
     PAM handle.















SunOS 5.11          Last change: 25 Sep 2008                    3