[NTLUG:Discuss] WHAT PAM FILES!!!

[ntlug@rain4us.net]

> I think the problem is that he has 0 PAM files to start with.
> Before he was just adding 1, configuring VMWare to use traditional UNIX
> auth.

YES!!  YOU'VE GOT IT!  VMWARE is the only PAM enabled application that is
running on that particular server.   VMware instructions supplied the
/etc/pam.d/$FILENAME and the contents of $_.

Now I'm on a completely different server..and WINBINDD needs to
authenticate via PAM.  ...and you are correct....

> But now he wants to add Winbindd as a PAM option.
> So he'll have to create _all_ applicable PAM files for _all_ sevices that
> need to authenticate against Winbindd.

Yes.  I need a list of file names that belong in /etc/pam.d  Which
pam.d/filenames does winbindd call?  What should the contents of the pam.d
files be?

> (and do the services need to be rebuilt for PAM too?)

Other than the winbindd service...I don't see what else would need to be
pam anabled.  The fewer PAM services available, the better off things are.

> But if he is looking to authenticate against a CIFS/ADS domain, that's
> what is required AFAIK.

Which I am...which it is.    I went to dropline gnome..but they didn't
have a 'list' of pam files in the /etc/pam.d directory.   OHOH OH OH!! I
just remembered that I have two customers that have Application servers
that run RH9.0!  I'll go there!!!    PHEW.. I wish I'd have thought about
that sooner!

> I've had PAM distros as a crutch, so I may be totally off-the-mark.

I'd *rather* not use PAM...but it looks like I'm forced into it if I want
the Samba 3.0.9 domain to provide *unix user/group* authentication on
systems without *posix* accounts.


I'll let everyone know how it turns out.

-- 
Richard, the PAMless