token associated with the user. Typically, there is one module for each `challenge/response'
based authentication (auth) module-type.
</para></listitem>
- </itemizedlist>
+ </itemizedlist></listitem>
</varlistentry>
<varlistentry><term>control-flag</term><listitem><para>-</para>
<itemizedlist>
<listitem><para>
- <empahsis>required:</emphasis> this indicates that the success of the module is required for the
+ <emphasis>required:</emphasis> this indicates that the success of the module is required for the
module-type facility to succeed. Failure of this module will not be apparent to the user until all
of the remaining modules (of the same module-type) have been executed.
</para></listitem>
However, in the absence of any definite successes or failures of previous or subsequent stacked
modules this module will determine the nature of the response to the application. One example of
this latter case, is when the other modules return something like PAM_IGNORE.
- </para>
+ </para></listitem>
</itemizedlist>
<para>
terms of the [...] syntax. They are as follows:
</para>
+ <para>
<itemizedlist>
<listitem><para>
required is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=bad]
optional is equivalent to [success=ok new_authtok_reqd=ok default=ignore]
</para></listitem>
</itemizedlist>
+ </para>
<para>
Just to get a feel for the power of this new syntax, here is a taste of what you can do with it. With Linux-PAM-0.63,
to support binary prompts with compliant clients, but to gracefully fall over into an alternative authentication
mode for older, legacy, applications.
</para>
+ </listitem>
</varlistentry>
<varlistentry><term>module-path</term><listitem><para>-</para>
Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the
side of caution) to make the authentication process fail. A corresponding error is written to the system log files
with a call to syslog(3).
- </para>
+ </para></listitem>
</varlistentry>
</variablelist>
PAM documentation for further helpful information.
</para></note>
+</sect2>
+
<sect2>
<title>PAM Configuration in smb.conf</title>
</sect2>
<sect2>
-<title>Password Synchronisation using pam_smbpass.so</title>
+<title>Password Synchronization using pam_smbpass.so</title>
<para>
pam_smbpass is a PAM module which can be used on conforming systems to
<para>
Options recognized by this module are as follows:
<table frame="all">
- <title>Options recognized by pam_mkpass</title>
+ <title>Options recognized by pam_smbpass</title>
<tgroup cols="2" align="left">
<tbody>
<row><entry>debug</entry><entry>log more debugging info</entry></row>
password required pam_krb5.so use_authtok try_first_pass
session required pam_krb5.so
</screen></para>
+
</sect3>
</sect2>
+
</sect1>
<sect1>