--- /dev/null
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>pam_winbind</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="pam_winbind.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pam_winbind — PAM module for Winbind</p></div><div class="refsect1" lang="en"><a name="id2489018"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>
+ pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon.
+ </p></div><div class="refsect1" lang="en"><a name="id2489041"></a><h2>OPTIONS</h2><p>
+ pam_winbind supports several options:
+ </p><div class="variablelist"><dl><dt><span class="term">debug</span></dt><dd><p>Gives debugging output to syslog.</p></dd><dt><span class="term">require_membership_of=[SID or NAME]</span></dt><dd><p>
+ If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
+ can be either a group-SID, a alias-SID or even a user-SID. It is also possible to give a NAME instead of the
+ SID. That name must have the form: <em class="parameter"><code>MYDOMAIN\mygroup</code></em> or
+ <em class="parameter"><code>MYDOMAIN\myuser</code></em>. pam_winbind will, in that case, lookup the SID internally. Note that
+ NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
+ user is a member of with <span><strong class="command">wbinfo --user-sids=SID</strong></span>.
+ </p></dd><dt><span class="term">try_first_pass</span></dt><dd><p></p></dd><dt><span class="term">use_first_pass</span></dt><dd><p>
+ By default, pam_winbind tries to get the authentication token from a previous module. If no token is available
+ it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication
+ token from a previous module is available.
+ </p></dd><dt><span class="term">use_authtok</span></dt><dd><p>
+ Set the new password to the one provided by the previously stacked password module. If this option is not set
+ pam_winbind will ask the user for the new password.
+ </p></dd></dl></div><p>
+
+
+ </p></div><div class="refsect1" lang="en"><a name="id2450650"></a><h2>SEE ALSO</h2><p><a href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a></p></div><div class="refsect1" lang="en"><a name="id2450676"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of Samba.</p></div><div class="refsect1" lang="en"><a name="id2450686"></a><h2>AUTHOR</h2><p>
+ The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by
+ the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
+ </p><p>This manpage was written by Jelmer Vernooij and Guenther Deschner.</p></div></div></body></html>