xref: /illumos-gate/usr/src/man/man7/pam_smb_passwd.7 (revision 10a40e179c111088c21d8e895198ac95dcb83d14) 
 te
 Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 PAM_SMB_PASSWD 7 "August 19, 2023"
 NAME
pam_smb_passwd - SMB password management module

 SYNOPSIS
pam_smb_passwd.so.1




 DESCRIPTION
The pam_smb_passwd module enhances the PAM password management stack.
This functionality supports the changing or adding of SMB passwords for local
users. The CIFS server uses SMB passwords to authenticate
connected users. This module includes the pam_sm_chauthtok(3PAM)
function.


The pam_sm_chauthtok() function accepts the following flags:
PAM_PRELIM_CHECK


Always returns PAM_IGNORE.



PAM_SILENT


Suppresses messages.



PAM_UPDATE_AUTHTOK


Updates or creates a new CIFS local LM/NTLM hash for the user
that is specified in PAM_USER by using the authentication information
found in PAM_AUTHTOK. The LM hash is only created if the
smbd/lmauth_level property value of the smb/server service is set
to 3 or less. PAM_IGNORE is returned if the user is not in the local
/etc/passwd repository.





The following options can be passed to the pam_smb_passwd module:
debug


Produces syslog(3C) debugging information at the LOG_AUTH or
LOG_DEBUG level.



nowarn


Suppresses warning messages.




 FILES
/var/smb/smbpasswd


Stores SMB passwords for users.




 ERRORS
Upon successful completion of pam_sm_chauthtok(), PAM_SUCCESS is
returned. The following error codes are returned upon error:
PAM_AUTHTOK_ERR


Authentication token manipulation error



PAM_AUTHTOK_LOCK_BUSY


SMB password file is locked



PAM_PERM_DENIED


Permissions are insufficient for accessing the SMB password file



PAM_SYSTEM_ERR


System error



PAM_USER_UNKNOWN


User is unknown




 ATTRIBUTES
See the attributes(7) man page for descriptions of the following
attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Committed
MT Level MT-Safe with exceptions



 SEE ALSO
 syslog (3C),  libpam (3LIB),  pam (3PAM),  pam_chauthtok (3PAM),  pam_sm (3PAM),  pam_sm_chauthtok (3PAM),  pam.conf (5),  attributes (7),  smbd (8) 
 NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own PAM handle.


The pam_smb_passwd.so.1 module should be stacked following all password
qualification modules in the PAM password stack.