I'm new to Arch Linux, and I come from Gentoo.
On the latter, I use a custom ebuild that:
1) installs ${SAMBA_SOURCE_CODE}/examples/pam_winbind/pam_winbind.conf to /etc/security/
2) installs a file called system-auth-winbind to /etc/pam.d/ which content is:
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
session required pam_limits.so
session required pam_unix.so
The above steps allow me then to easily decide which service can use winbind authentication.
For instance, I can allow sshd tu use it:
/etc/pam.d/sshd:
auth include system-auth-winbind
account include system-auth-winbind
password include system-auth-winbind
session include system-auth-winbind
The Arch Linux package manager doesn't seem to include this.
Can it be added?