The branch, v3-4-test has been updated via 9b3d5fc7de1103a634b86ff4d18ceb146ca6b027 (commit) via d547aab1511c72e1cab034e2945f6ad63bda6659 (commit) via 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1 (commit) via 24d6f697844bc85a03c047e5470abcfdd53735a2 (commit) via 55df96313c5b966f41b0b5c426cf6a420cafa855 (commit) from e24c2401750212d7212952f574ed9765fb1f2e8e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit 9b3d5fc7de1103a634b86ff4d18ceb146ca6b027 Author: Andreas Schneider <m...@cynapses.org> Date: Mon Jun 15 12:22:58 2009 +0200 Fix the section of the pam_winbind manpage. Signed-off-by: Andreas Schneider <m...@cynapses.org> commit d547aab1511c72e1cab034e2945f6ad63bda6659 Author: Andreas Schneider <m...@cynapses.org> Date: Mon Jun 15 12:21:07 2009 +0200 Move pam_winbind to the right manpage section (8). Signed-off-by: Andreas Schneider <m...@cynapses.org> (cherry picked from commit 59ab1574e41993d24733affbca07d3f7da245fc7) commit 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1 Author: Andreas Schneider <m...@cynapses.org> Date: Mon Jun 15 12:16:49 2009 +0200 Dcoument the PAM data exports in the pam_winbind manpage. Signed-off-by: Andreas Schneider <m...@cynapses.org> (cherry picked from commit 1809ff4b2339bd3066532abccea0944da45edf64) commit 24d6f697844bc85a03c047e5470abcfdd53735a2 Author: Andreas Schneider <m...@cynapses.org> Date: Mon Jun 15 12:16:15 2009 +0200 Document the try_first_pass option in the pam_winbind manpage. Signed-off-by: Andreas Schneider <m...@cynapses.org> (cherry picked from commit 779eea49de3f53040fe792de4b74b73a0c51ecb3) commit 55df96313c5b966f41b0b5c426cf6a420cafa855 Author: Andreas Schneider <m...@cynapses.org> Date: Mon Jun 15 12:15:26 2009 +0200 Add a synopsis section to the pam_winbind manpage. Signed-off-by: Andreas Schneider <m...@cynapses.org> (cherry picked from commit 24f9f32fedb92f881658db856db15173e57af0bd) ----------------------------------------------------------------------- Summary of changes: docs-xml/Samba3-HOWTO/manpages.xml | 2 +- .../{pam_winbind.7.xml => pam_winbind.8.xml} | 90 ++++++++++++++++++-- 2 files changed, 82 insertions(+), 10 deletions(-) rename docs-xml/manpages-3/{pam_winbind.7.xml => pam_winbind.8.xml} (70%) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/manpages.xml b/docs-xml/Samba3-HOWTO/manpages.xml index 4de54bf..eef4207 100644 --- a/docs-xml/Samba3-HOWTO/manpages.xml +++ b/docs-xml/Samba3-HOWTO/manpages.xml @@ -22,7 +22,7 @@ <xi:include href="../manpages-3/nmbd.8.xml"/> <xi:include href="../manpages-3/nmblookup.1.xml"/> <xi:include href="../manpages-3/ntlm_auth.1.xml"/> - <xi:include href="../manpages-3/pam_winbind.7.xml"/> + <xi:include href="../manpages-3/pam_winbind.8.xml"/> <xi:include href="../manpages-3/pdbedit.8.xml"/> <xi:include href="../manpages-3/profiles.1.xml"/> <xi:include href="../manpages-3/rpcclient.1.xml"/> diff --git a/docs-xml/manpages-3/pam_winbind.7.xml b/docs-xml/manpages-3/pam_winbind.8.xml similarity index 70% rename from docs-xml/manpages-3/pam_winbind.7.xml rename to docs-xml/manpages-3/pam_winbind.8.xml index ced6174..730ad96 100644 --- a/docs-xml/manpages-3/pam_winbind.7.xml +++ b/docs-xml/manpages-3/pam_winbind.8.xml @@ -1,13 +1,13 @@ <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="pam_winbind.7"> +<refentry id="pam_winbind.8"> <refmeta> <refentrytitle>pam_winbind</refentrytitle> - <manvolnum>7</manvolnum> + <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">7</refmiscinfo> - <refmiscinfo class="version">3.4</refmiscinfo> + <refmiscinfo class="manual">8</refmiscinfo> + <refmiscinfo class="version">3.5</refmiscinfo> </refmeta> @@ -29,6 +29,31 @@ </refsect1> <refsect1> + <title>SYNOPSIS</title> + + <para> + Edit the PAM system config /etc/pam.d/service and modify it as the following example shows: + <programlisting> + ... + auth required pam_env.so + auth sufficient pam_unix2.so + +++ auth required pam_winbind.so use_first_pass + account requisite pam_unix2.so + +++ account required pam_winbind.so use_first_pass + +++ password sufficient pam_winbind.so + password requisite pam_pwcheck.so cracklib + password required pam_unix2.so use_authtok + session required pam_unix2.so + +++ session required pam_winbind.so + ... + </programlisting> + + Make sure that pam_winbind is one of the first modules in the session part. It may retrieve + kerberos tickets which are needed by other modules. + </para> +</refsect1> + +<refsect1> <title>OPTIONS</title> <para> @@ -64,11 +89,6 @@ </varlistentry> <varlistentry> - <term>try_first_pass</term> - <listitem><para></para></listitem> - </varlistentry> - - <varlistentry> <term>use_first_pass</term> <listitem><para> By default, pam_winbind tries to get the authentication token from a previous module. If no token is available @@ -78,6 +98,14 @@ </varlistentry> <varlistentry> + <term>try_first_pass</term> + <listitem><para> + Same as the use_first_pass option (previous item), except that if the primary password is not + valid, PAM will prompt for a password. + </para></listitem> + </varlistentry> + + <varlistentry> <term>use_authtok</term> <listitem><para> Set the new password to the one provided by the previously stacked password module. If this option is not set @@ -157,6 +185,50 @@ </refsect1> <refsect1> + <title>PAM DATA EXPORTS</title> + + <para>This section describes the data exported in the PAM stack which could be used in other PAM modules.</para> + + <varlistentry> + <term>PAM_WINBIND_HOMEDIR</term> + <listitem> + <para> + This is the Windows Home Directory set in the profile tab in the user settings + on the Active Directory Server. This could be a local path or a directory on a + share mapped to a drive. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_WINBIND_LOGONSCRIPT</term> + <listitem> + <para> + The path to the logon script which should be executed if a user logs in. This is + normally a relative path to the script stored on the server. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_WINBIND_LOGONSERVER</term> + <listitem> + <para> + This exports the Active Directory server we are authenticating against. This can be + used as a variable later. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_WINBIND_PROFILEPATH</term> + <listitem> + <para> + This is the profile path set in the profile tab in the user settings. Noramlly + the home directory is synced with this directory on a share. + </para> + </listitem> + </varlistentry> +</refsect1> + +<refsect1> <title>SEE ALSO</title> <para><citerefentry> <refentrytitle>wbinfo</refentrytitle> -- Samba Shared Repository