'\" te
.\" Copyright (c) 2010, Sun Microsystems, Inc. All Rights Reserved.
.TH pam_smb_passwd 5 "19 Mar 2010" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
pam_smb_passwd \- SMB password management module
.SH SYNOPSIS
.LP
.nf
\fBpam_smb_passwd.so.1\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBpam_smb_passwd\fR module enhances the PAM password management stack. This functionality supports the changing or adding of SMB passwords for local Solaris users. The Solaris SMB server uses SMB passwords to authenticate connected Solaris users. This module includes the \fBpam_sm_chauthtok\fR(3PAM) function.
.sp
.LP
The \fBpam_sm_chauthtok()\fR function accepts the following flags:
.sp
.ne 2
.mk
.na
\fB\fBPAM_PRELIM_CHECK\fR\fR
.ad
.sp .6
.RS 4n
Always returns \fBPAM_IGNORE\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_SILENT\fR\fR
.ad
.sp .6
.RS 4n
Suppresses messages.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_UPDATE_AUTHTOK\fR\fR
.ad
.sp .6
.RS 4n
Updates or creates a new \fBSMB\fR local \fBLM\fR/\fBNTLM\fR hash for the user that is specified in \fBPAM_USER\fR by using the authentication information found in \fBPAM_AUTHTOK\fR. The \fBLM\fR hash is only created if the \fBsmbd/lmauth_level\fR property value of the \fBsmb/server\fR service is set to 3 or less. \fBPAM_IGNORE\fR is returned if the user is not in the local \fB/etc/passwd\fR repository.
.RE

.sp
.LP
The following options can be passed to the \fBpam_smb_passwd\fR module:
.sp
.ne 2
.mk
.na
\fB\fBdebug\fR\fR
.ad
.sp .6
.RS 4n
Produces \fBsyslog\fR(3C) debugging information at the \fBLOG_AUTH\fR or \fBLOG_DEBUG\fR level.
.RE

.sp
.ne 2
.mk
.na
\fB\fBnowarn\fR\fR
.ad
.sp .6
.RS 4n
Suppresses warning messages.
.RE

.SH FILES
.sp
.ne 2
.mk
.na
\fB\fB/var/smb/smbpasswd\fR\fR
.ad
.sp .6
.RS 4n
Stores SMB passwords for Solaris users.
.RE

.SH ERRORS
.sp
.LP
Upon successful completion of \fBpam_sm_chauthtok()\fR, \fBPAM_SUCCESS\fR is returned. The following error codes are returned upon error:
.sp
.ne 2
.mk
.na
\fB\fBPAM_AUTHTOK_ERR\fR\fR
.ad
.sp .6
.RS 4n
Authentication token manipulation error
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_AUTHTOK_LOCK_BUSY\fR\fR
.ad
.sp .6
.RS 4n
\fBSMB\fR password file is locked
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_PERM_DENIED\fR\fR
.ad
.sp .6
.RS 4n
Permissions are insufficient for accessing the \fBSMB\fR password file
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_SYSTEM_ERR\fR\fR
.ad
.sp .6
.RS 4n
System error
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_USER_UNKNOWN\fR\fR
.ad
.sp .6
.RS 4n
User is unknown
.RE

.SH ATTRIBUTES
.sp
.LP
See the \fBattributes\fR(5) man page for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Interface StabilityCommitted
_
MT LevelMT-Safe with exceptions
.TE

.SH SEE ALSO
.sp
.LP
\fBsmbd\fR(1M), \fBsyslog\fR(3C), \fBlibpam\fR(3LIB), \fBpam\fR(3PAM), \fBpam_chauthtok\fR(3PAM), \fBpam_sm\fR(3PAM), \fBpam_sm_chauthtok\fR(3PAM), \fBpam.conf\fR(4), \fBattributes\fR(5)
.SH NOTES
.sp
.LP
The interfaces in \fBlibpam\fR(3LIB) are MT-Safe \fBonly\fR if each thread within the multi-threaded application uses its own PAM handle.
.sp
.LP
The \fBpam_smb_passwd.so.1\fR module should be stacked following all password qualification modules in the \fBPAM\fR password stack.