Use of pam_exec or pam_smbpass

David Jansen jansen at strw.leidenuniv.nl
Wed Nov 2 14:44:08 UTC 2011


> What's the GUI?  Couldn't you do this thru a webpage and just have the
> webserver take the appropriate information and then pass that
> to your backend application?  Then, only the webserver needs to be 
> part and parcel in the SMB domain and you could use your
> pam_smbpass solution.

I meant the locations that allow changing a password, like in the Gnome
preferences. I want to avoid the situation, where a user sees a password
change option somewhere, that seems to work (it changes the Linux
password), but causes problems later (Windows or Radius doesn't use the
new password).
That's why I hope to solve this on the PAM level somehow, so all
programs that change passwords, will work completely. Telling the users
to change their password on some web page, is not really an improvement
over aliasing 'passwd' to the command needed to change the password, and
telling them to only use that command, and not any other interface that
offers to change a password.

David Jansen



More information about the users mailing list