1pam_smbfs_login(5) Standards, Environments, and Macros pam_smbfs_login(5)
2
3
4
6 pam_smbfs_login - PAM user credential authentication module for
7 SMB/CIFS client login
8
10 pam_smb_cred.so.1
11
12
14 The pam_smbfs_login module implements pam_sm_setcred(3PAM) to provide
15 functions that act equivalently to the smbutil(1) login command.
16
17
18 This optional functionality is meant to be used only in environments
19 that do not run Active Directory or Kerberos, but which synchronize
20 passwords between Solaris clients and their CIFS/SMB servers.
21
22
23 This module permits the login password to be stored as if the smbu‐
24 til(1) login command was used to store a password for PAM_USER in the
25 user or system default domain. The choice of default domain is the
26 first of the following:
27 -Domain entry specified in the default section of the $HOME/.nsmbrc
28 file, if readable.
29 -Domain entry specified in the default section shown by the sharectl
30 get smbfs command.
31 -String WORKGROUP.
32
33
34 Because pam_smbfs_login runs as root during the login process, a
35 $HOME/.nsmbrc file accessed through NFS may only be readable if the
36 file permits reads by others. This conflicts with the requirement that
37 passwords stored in $HOME/.nsmbrc are ignored when permissions are
38 open.
39
40
41 To use this functionality, add the following line to the /etc/pam.conf
42 file:
43
44 login auth optional pam_smbfs_login.so.1
45
46
47
48 Authentication service modules must implement both pam_sm_authenti‐
49 cate(3PAM) and pam_sm_setcred(3PAM). In this module, pam_sm_authenti‐
50 cate(3PAM) always returns PAM_IGNORE.
51
52
53 The pam_sm_setcred(3PAM) function accepts the following flags:
54
55 PAM_REFRESH_CRED
56
57 Returns PAM_IGNORE.
58
59
60 PAM_SILENT
61
62 Suppresses messages.
63
64
65 PAM_ESTABLISH_CRED
66 PAM_REINITIALIZE_CRED
67
68 Stores the authentication token for PAM_USER in the same manner as
69 the smbutil(1) login command.
70
71
72 PAM_DELETE_CRED
73
74 Deletes the stored password for PAM_USER in the same manner as the
75 smbutil(1) logout command.
76
77
78
79 The following options can be passed to the pam_smbfs_login module:
80
81 debug
82
83 Produces syslog(3C) debugging information at the LOG_AUTH or
84 LOG_DEBUG level.
85
86
87 nowarn
88
89 Suppresses warning messages.
90
91
93 $HOME/.nsmbrc Find default domain, if present.
94
95
97 Upon successful completion of pam_sm_setcred(3PAM), PAM_SUCCESS is
98 returned. The following error codes are returned upon error:
99
100 PAM_USER_UNKNOWN
101
102 User is unknown.
103
104
105 PAM_AUTHTOK_ERR
106
107 Password is bad.
108
109
110 PAM_AUTH_ERR
111
112 Domain is bad.
113
114
115 PAM_SYSTEM_ERR
116
117 System error.
118
119
121 See attributes(5) for descriptions of the following attribute:
122
123
124
125
126 ┌─────────────────────────────┬─────────────────────────────┐
127 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
128 ├─────────────────────────────┼─────────────────────────────┤
129 │Interface Stability │ Committed │
130 ├─────────────────────────────┼─────────────────────────────┤
131 │MT Level │ MT-Safe with exceptions │
132 └─────────────────────────────┴─────────────────────────────┘
133
135 smbutil(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_setcred(3PAM),
136 pam_sm(3PAM), pam_sm_authenticate(3PAM), pam_sm_chauthtok(3PAM),
137 pam_sm_setcred(3PAM), pam.conf(4), attributes(5), smbfs(7FS)
138
140 The interfaces in libpam(3LIB) are MT-Safe only if each thread within
141 the multi-threaded application uses its own PAM handle.
142
143
144
145SunOS 5.11 25 Sep 2008 pam_smbfs_login(5)