
NTDOM: pam for nt domains, version 0.1.



hello,

there's nothing like jumping in at the deep end, is there.

using david airlie's pam-smb 0.5, i wrote an alternative to the
"Verify_User(srv1, srv2, user, domain, passwd)" function that uses DCE/RPC
instead of SMBtrans, and called it pam-ntdom 0.1.

	http://mailhost.cb1.com/~lkcl/pam-ntdom/

i have a couple of really silly questions, having had a quick look at the
web site and documentation.

1) where do i go to give me a step-by-step guide to installing pam?  i
have slackware-3.1, kernel 2.1.26, the security modules, Linux-PAM-0.57,
pam-smb.0.5, pam-ntdom-0.1, edited modules/Makefile to add pam_smb and
pam_ntdom, got defs/linux.defs as the default.defs; done make; make
install; copied conf/pam.conf to /etc; created /etc/pam-smb.conf, run
examples/check_user and examples/blank, and the ntdom pam doesn't run. 
now i'm afraid to reboot, just in case something goes horribly
pear-shaped. 

[next question related to future development of pam-ntdom]

2) actually doing something is the best way to learn; asking someone else
the second best.  does the pam api support functionality that mirrors the
NT domain setup (described below):

- NT workstations have to join a domain ("Welcome to the SAMBA Domain",
for example), and they can be made to leave a domain.  this is done by
setting up a "Trust Account" relationship between the workstation and the
server, and is typically only done once, and only by the administrator of
the Domain.

this is implemented as if the workstation itself is logging in to the
domain, not a user, and can only be done by the administrator.  the
alternative is to have the administrator manually add the workstation to
the domain, which is a pain.

- NT workstations, on start-up, contact the Domain Controller and maintain
an open session with it until the workstation is shut down.  once a week,
the workstation will change the "Workstation Trust Account" password.

- NT users log in, obtain their profile info (equivalent to the other
fields in /etc/password or NIS+ database) and when finished, logout.


to summarise the above:

is there an api to "add" and "remove" accounts (don't know);

is there an api to "initialise" and "terminate" a session (don't know); 

is there an api to "login", "obtain user-specific info", "logout" a user
(login, yes: profile, don't know: logout, don't know). 


luke


<a href="mailto:lkcl@switchboard.net";  > Luke Kenneth Casson Leighton  </a>
<a href="http://mailhost.cb1.com/~lkcl";> Samba Consultancy and Support </a>


