Please download 1.1.7 or 2.0.0-rc5; all earlier versions had remote root exploits.

[pam_smb Mailing List]

[Download Latest Stable release of pam_smb]

The pam_smb FAQ is now available.

NEWS

A remote root exploit was discovered in 1.1.6 and older, along with the 2.0.0-rc development versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0686 to this issue.

What is pam_smb?

pam_smb is a PAM module/server which allows authentication of UNIX users using an NT server.

Features (v1 and v2):

  • Authenticates Linux users against SMB servers in user mode (95, NT, Samba, etc.). Will not authenticate against share-level systems.
  • Supported OSes: Linux (any PAM supporting distro), Solaris 2.6 or greater.
  • Supports NT/Lanman encrypted passwords.
  • Any service which uses PAM can authenticate against NT.
  • Can be set up to ignore the lack of a local password entry when something else, such as RADIUS, provides the user's information.

Features (v2 only):

  • HP/UX 11 and FreeBSD 4.8 or 5.1 support.
  • Caching support.
  • Username mapping of Unix usernames to NT usernames.

How do I get pam_smb?

pam_smb is currently available in two versions. Both are available from samba.org mirror download sites. The primary pam_smb FTP site is ftp://ftp.samba.org/pub/samba/pam_smb/

v1 - Original

The latest stable version is 1.1.7.

v2 - Next generation

The v2 development tree is available in CVS on sourceforge.net. The latest v2 pre-release is v2.0.0-rc5.
It is also available from the author's primary site (in Ireland): http://www.csn.ul.ie/~airlied/pam_smb/v2/

How do I install it?

How do I configure it?

Please read the supplied INSTALL file.

Where did pam_smb come from?

Please read the supplied CREDITS file.

Are there any known bugs in pam_smb?

In all versions up to 1.1, login can segfault under some circumstances when pam_smb is used. This is a known bug in login.c; a patch to login.c from util-linux is available on the primary site for pam_smb. Do not use versions below 1.1.7 or 2.0.0-rc5, as they contain known root exploits.

Contact Information

This software is released under the GPL as found in the enclosed COPYING file. Send any questions to the author at
airlied at samba.org
or the pam_smb mailing list.
Dave Airlie 26 Aug 2003.
http://www.skynet.ie/~airlied