The necessary changes to pam have been uploaded, but now there's a
question of how to go about incorporating the libpam-smbpass package so
that the password synchronization actually takes place.
I've spoken with Kees Cook about the security implications, and he
strongly discourages enabling libpam-smbpass password synchronization by
default on the grounds that the NTLM password hashing is weaker than the
Unix password hashing. I've conceded this point, so I think the correct
thing to do here is to install libpam-smbpass at the same time that
samba is installed. For servers this means making it part of the samba-
server task, and for desktops that means hooking into nautilus-share so
that it will install both packages when filesharing is requested.
In the desktop case, we may want to provide users with some notice about
the fact that not all users will automatically have passwords available;
however, because the PAM integration will auto-sync passwords from the
Unix password store to the Samba password store on every successful
/authentication/, not just on password changes, if bug #212098 is
addressed then this already takes care of the problem for most desktop
users.
** Changed in: nautilus-share (Ubuntu Hardy)
Importance: Undecided => Medium
Assignee: (unassigned) => Ubuntu Desktop (ubuntu-desktop)
Status: New => Confirmed
** Changed in: ubuntu-meta (Ubuntu Hardy)
Importance: Undecided => Medium
Status: New => Confirmed
** Changed in: nautilus-share (Ubuntu Hardy)
Assignee: Ubuntu Desktop (ubuntu-desktop) => Ubuntu Desktop Bugs
(desktop-bugs)
--
Integrate samba password in PAM
https://bugs.launchpad.net/bugs/208419
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
