[oi-dev] Install defaults re. SMB and pam.conf

Andreas Wacknitz A.Wacknitz at gmx.de
Sun Mar 26 11:23:56 UTC 2017



Am 25.03.17 um 22:30 schrieb James Blachly:
> (I did not get any response on the -discuss list, so please forgive the re-posting)
>
> Speaking as a new OI user here,
>
> I am using the kernel CIFS/SMB service for the first time (on other systems including smartos I am using samba), which is quite convenient. However, it did not work out of the box.
>
> Is there any reason something along the lines of the following should not be in /etc/pam.conf in the installer/freshly installed image?
>
> # Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd
> other   password required       pam_smb_passwd.so.1     nowarn
>
> This seems like a reasonable change that would lower the barrier to entry / lower the frustration level for new users at a critical point in their go/no go decision.
I am not sure about the reasons it is missing in our standard 
installation. Probably because not everybody is using smb/cifs and it 
might be
a security problem. I think the general idea behind it was (during 
Solaris times) that it is safer to have as few as possible things "on" 
by default
and an admin should know what to activate.
So an alternative to enable this in /etc/pam.conf would be an enhanced 
desription of admin steps after installation (on the wiki probably).

Regards
Andreas





More information about the oi-dev mailing list