Please download 1.1.7 or 2.0.0-rc5, all earlier versions had remote root exploits...
[pam_smb Mailing List]
The pam_smb FAQ is now available.
NEWS
A remote root exploit was discovered in 1.1.6 and older, along with the 2.0.0-rc development versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0686 to this issue.
What is pam_smb?
pam_smb is a PAM module/server which allows authentication of UNIX users using an NT server.
Features (v1 and v2):
Features (v2 only)
How do I get pam_smb?
pam_smb is currently available in two versions. Both are available from samba.org mirror download sites. The primary pam_smb FTP site is ftp://ftp.samba.org/pub/samba/pam_smb/
v1 - Original
The latest stable version is 1.1.7.
v2 - Next generation
The v2 development tree is available in CVS on sourceforge.net. The latest v2 pre-release is v2.0.0-rc5.
It is also available from the author's primary site (in Ireland): http://www.csn.ul.ie/~airlied/pam_smb/v2/
How do I install it?
How do I configure it?
Please read the supplied INSTALL file.
Where did pam_smb come from?
Please read the supplied CREDITS file.
Are there any known bugs in pam_smb?
In all versions up to 1.1 there is a bug with login: when pam_smb is used, login can segfault under some circumstances. This is a known bug in login.c, and a patch to login.c from util-linux is available on the primary site for pam_smb. Do not use versions below 1.1.7 or 2.0.0-rc5, as they contain known root exploits.
Contact Information
This software is released under the GPL as found in the enclosed COPYING file. Send any questions to the author at airlied at samba.org or to the pam_smb mailing list.
Dave Airlie 26 Aug 2003.