Standards, Environments, and Macros pam_smbfs_login(5)
NAME
pam_smbfs_login - PAM user credential authentication module
for SMB/CIFS client login
SYNOPSIS
pam_smb_cred.so.1
DESCRIPTION
The pam_smbfs_login module implements pam_sm_setcred(3PAM)
to provide functions that act equivalently to the smbutil(1) login command. This optional functionality is meant to be used only in environments that do not run Active Directory or Kerberos, but which synchronize passwords between Solaris clients andtheir CIFS/SMB servers. This module permits the login password to be stored as if the smbutil(1) login command was used to store a password
for PAM_USER in the user or system default domain. The
choice of default domain is the first of the following:-Domain entry specified in the default section of the
$HOME/.nsmbrc file, if readable.
-Domain entry specified in the default section shown by
the sharectl get smbfs command.-String WORKGROUP.
Because pam_smbfs_login runs as root during the login pro-
cess, a $HOME/.nsmbrc file accessed through NFS may only be
readable if the file permits reads by others. This conflictswith the requirement that passwords stored in $HOME/.nsmbrc
are ignored when permissions are open. To use this functionality, add the following line to the /etc/pam.conf file:login auth optional pam_smbfs_login.so.1
Authentication service modules must implement bothpam_sm_authenticate(3PAM) and pam_sm_setcred(3PAM). In this
module, pam_sm_authenticate(3PAM) always returns PAM_IGNORE.
The pam_sm_setcred(3PAM) function accepts the following
flags:SunOS 5.11 Last change: 25 Sep 2008 1
Standards, Environments, and Macros pam_smbfs_login(5)
PAM_REFRESH_CRED
Returns PAM_IGNORE.
PAM_SILENT
Suppresses messages.PAM_ESTABLISH_CRED
PAM_REINITIALIZE_CRED
Stores the authentication token for PAM_USER in the same
manner as the smbutil(1) login command.PAM_DELETE_CRED
Deletes the stored password for PAM_USER in the same
manner as the smbutil(1) logout command.The following options can be passed to the pam_smbfs_login
module: debug Produces syslog(3C) debugging information at theLOG_AUTH or LOG_DEBUG level.
nowarn Suppresses warning messages. FILES$HOME/.nsmbrc Find default domain, if present.
ERRORS
Upon successful completion of pam_sm_setcred(3PAM),
PAM_SUCCESS is returned. The following error codes are
returned upon error:PAM_USER_UNKNOWN
User is unknown.SunOS 5.11 Last change: 25 Sep 2008 2
Standards, Environments, and Macros pam_smbfs_login(5)
PAM_AUTHTOK_ERR
Password is bad.PAM_AUTH_ERR
Domain is bad.PAM_SYSTEM_ERR
System error.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
bute:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Committed ||_____________________________|_____________________________|
| MT Level | MT-Safe with exceptions |
|_____________________________|_____________________________|
SEE ALSO
smbutil(1), syslog(3C), libpam(3LIB), pam(3PAM),pam_setcred(3PAM), pam_sm(3PAM), pam_sm_authenticate(3PAM),
pam_sm_chauthtok(3PAM), pam_sm_setcred(3PAM), pam.conf(4),
attributes(5), smbfs(7FS) NOTESThe interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.SunOS 5.11 Last change: 25 Sep 2008 3