PAM_SMB_PASSWD(7) Standards, Environments, and Macros PAM_SMB_PASSWD(7)

pam_smb_passwd - SMB password management module

pam_smb_passwd.so.1

The pam_smb_passwd module enhances the PAM password management stack. This functionality supports the changing or adding of SMB passwords for local users. The CIFS server uses SMB passwords to authenticate connected users. This module includes the pam_sm_chauthtok(3PAM) function.

The pam_sm_chauthtok() function accepts the following flags:

PAM_PRELIM_CHECK

Always returns PAM_IGNORE.

PAM_SILENT

Suppresses messages.

PAM_UPDATE_AUTHTOK

Updates or creates a new CIFS local LM/NTLM hash for the user that is specified in PAM_USER by using the authentication information found in PAM_AUTHTOK. The LM hash is only created if the smbd/lmauth_level property value of the smb/server service is set to 3 or less. PAM_IGNORE is returned if the user is not in the local /etc/passwd repository.

The following options can be passed to the pam_smb_passwd module:

debug

Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.

nowarn

Suppresses warning messages.

/var/smb/smbpasswd

Stores SMB passwords for users.

Upon successful completion of pam_sm_chauthtok(), PAM_SUCCESS is returned. The following error codes are returned upon error:

PAM_AUTHTOK_ERR

Authentication token manipulation error

PAM_AUTHTOK_LOCK_BUSY

SMB password file is locked

PAM_PERM_DENIED

Permissions are insufficient for accessing the SMB password file

PAM_SYSTEM_ERR

System error

PAM_USER_UNKNOWN

User is unknown

See the attributes(7) man page for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Committed
MT Level MT-Safe with exceptions

syslog(3C), libpam(3LIB), pam(3PAM), pam_chauthtok(3PAM), pam_sm(3PAM), pam_sm_chauthtok(3PAM), pam.conf(5), attributes(7), smbd(8)

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

The pam_smb_passwd.so.1 module should be stacked following all password qualification modules in the PAM password stack.

August 19, 2023 OmniOS