pam_smbfs_login(5) [opensolaris man page]

pam_smbfs_login(5)					Standards, Environments, and Macros					pam_smbfs_login(5)

NAME

       pam_smbfs_login - PAM user credential authentication module for SMB/CIFS client login

SYNOPSIS

       pam_smb_cred.so.1

DESCRIPTION

       The pam_smbfs_login module  implements pam_sm_setcred(3PAM) to provide functions that act equivalently to the smbutil(1) login command.

       This optional functionality is meant  to be used only in environments  that  do not run Active Directory or Kerberos, but which synchronize
       passwords between Solaris clients and their CIFS/SMB servers.

       This module permits the login password to be stored as if the smbutil(1) login command was used to store a password  for  PAM_USER  in  the
       user or system default  domain. The choice of default domain is the first of the following:
	 -Domain entry specified in the  default  section of the $HOME/.nsmbrc file, if readable.
	 -Domain entry specified in the default section shown by the sharectl get smbfs command.
	 -String WORKGROUP.

       Because	pam_smbfs_login  runs as root during the login process, a $HOME/.nsmbrc file accessed through NFS may only be readable if the file
       permits reads by others. This conflicts with the requirement that passwords stored in $HOME/.nsmbrc are ignored when permissions are open.

       To use this functionality,  add the following line to the /etc/pam.conf file:

	 login	auth optional	 pam_smbfs_login.so.1

       Authentication service modules must implement both pam_sm_authenticate(3PAM) and pam_sm_setcred(3PAM).  In  this  module,  pam_sm_authenti-
       cate(3PAM) always returns PAM_IGNORE.

       The pam_sm_setcred(3PAM) function accepts the following flags:

       PAM_REFRESH_CRED

	   Returns PAM_IGNORE.

       PAM_SILENT

	   Suppresses messages.

       PAM_ESTABLISH_CRED
       PAM_REINITIALIZE_CRED

	   Stores the authentication token for PAM_USER in the same manner as the smbutil(1) login command.

       PAM_DELETE_CRED

	   Deletes the stored password for PAM_USER in the same manner as the smbutil(1) logout command.

       The following options can be passed to the pam_smbfs_login module:

       debug

	   Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.

       nowarn

	   Suppresses warning messages.

FILES

       $HOME/.nsmbrc		   Find default domain, if present.

ERRORS

       Upon successful completion of pam_sm_setcred(3PAM), PAM_SUCCESS is  returned. The  following  error codes are returned upon error:

       PAM_USER_UNKNOWN

	   User is unknown.

       PAM_AUTHTOK_ERR

	   Password is bad.

       PAM_AUTH_ERR

	   Domain is bad.

       PAM_SYSTEM_ERR

	   System error.

ATTRIBUTES

       See attributes(5) for descriptions of the following attribute:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE	     |	     ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     | Committed		   |
       +-----------------------------+-----------------------------+
       |MT Level		     | MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       smbutil(1),  syslog(3C),  libpam(3LIB),	pam(3PAM),  pam_setcred(3PAM),	pam_sm(3PAM),  pam_sm_authenticate(3PAM),  pam_sm_chauthtok(3PAM),
       pam_sm_setcred(3PAM), pam.conf(4), attributes(5), smbfs(7FS)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only	if each thread within the multi-threaded application uses its own PAM handle.

SunOS 5.11							    25 Sep 2008 						pam_smbfs_login(5)