Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Samba HowTo Guide
Prev Home Next

Features and Benefits

A number of UNIX systems (e.g., Sun Solaris), as well as the xxxxBSD family and Linux, now utilize the Pluggable Authentication Modules (PAM) facility to provide all authentication, authorization, and resource control services. Prior to the introduction of PAM, a decision to use an alternative to the system password database (/etc/passwd) would require the provision of alternatives for all programs that provide security services. Such a choice would involve provision of alternatives to programs such as login , passwd , chown , and so on.

PAM provides a mechanism that disconnects these security programs from the underlying authentication/authorization infrastructure. PAM is configured by making appropriate modifications to one file, /etc/pam.conf (Solaris), or by editing individual control files that are located in /etc/pam.d.

On PAM-enabled UNIX/Linux systems, it is an easy matter to configure the system to use any authentication backend so long as the appropriate dynamically loadable library modules are available for it. The backend may be local to the system or may be centralized on a remote server.

PAM support modules are available for:


There are several PAM modules that interact with this standard UNIX user database. The most common are called,, and


The module allows the use of any Kerberos-compliant server. This tool is used to access MIT Kerberos, Heimdal Kerberos, and potentially Microsoft Active Directory (if enabled).


The module allows the use of any LDAP v2- or v3-compatible backend server. Commonly used LDAP backend servers include OpenLDAP v2.0 and v2.1, Sun ONE iDentity server, Novell eDirectory server, and Microsoft Active Directory.

NetWare Bindery

The module allows authentication off any bindery-enabled NetWare Core Protocol-based server.

SMB Password

This module, called, allows user authentication of the passdb backend that is configured in the Samba smb.conf file.

SMB Server

The module is the original MS Windows networking authentication tool. This module has been somewhat outdated by the Winbind module.


The module allows Samba to obtain authentication from any MS Windows domain controller. It can just as easily be used to authenticate users for access to any PAM-enabled application.


There is a PAM RADIUS (Remote Access Dial-In User Service) authentication module. In most cases, administrators need to locate the source code for this tool and compile and install it themselves. RADIUS protocols are used by many routers and terminal servers.

Of the modules listed, Samba provides the and the modules alone.

Once configured, these permit a remarkable level of flexibility in the location and use of distributed Samba domain controllers that can provide wide-area network bandwidth, efficient authentication services for PAM-capable systems. In effect, this allows the deployment of centrally managed and maintained distributed authentication from a single-user account database.

Samba HowTo Guide
Prev Home Next

  Published under the terms fo the GNU General Public License Design by Interspire