[Samba] Domain question
Jeremy Allison
jra at samba.org
Tue Apr 2 14:01:07 GMT 2002
On Tue, Apr 02, 2002 at 03:42:16PM -0500, Douglas.Shaw at pb.com wrote:
> I have a question about Samba's interaction with the PDC and SAM database
> on the windows domain. There are some in my company who say that Samba must
> read and write to the SAM databse in order to authenticate a user.
No, this is not true.
> This,
> according to them, poses a security risk in that a UNIX user could obtain
> tools to gain access to the SAM, retrieve all passwords and potentially
> corrupt the database. My question is simple, is this true and is there a
> way to ease their concerns?
Yes, get them to add a Samba server to their domain and *NOT TELL YOU
THE ADMINISTRATOR PASSWORD* :-). That way you can prove to them that
you don't need write access :-).
Regards,
Jeremy Allison,
Samba Team.
More information about the samba
mailing list