[Samba] winbind and case sensitivity
Andrew Bartlett
abartlet at samba.org
Tue Feb 10 11:32:14 GMT 2004
On Tue, 2004-02-03 at 23:12, Brian J. Murrell wrote:
> On Tue, 2004-02-03 at 04:11, Andrew Bartlett wrote:
> > The problem is, for a plaintext login, the IMAP server is almost
> > certainly just copying the username internally, so there is almost
> > nothing we can do about it.
>
> i.e. you mean cyrus imap will just copy and use whatever the user types
> in?
I don't know for sure, but that is how I would expect it to work.
> That is fine. I don't mind telling all of the users that they _must_
> log in with lowercase letters now, no using caps. They will then have
> all lowercase imap mailboxes and cyrus will force delivery into
> lowercase mailboxes.
>
> But the problem then is that when the PDC returns usernames in the
> format "Firstname" (first letter capped), and they log in with
> "firstname", there is no matching account.
There is a matching account, but not a matching IMAP folder. I'm
assuming this is what you mean anyway...
> If I could instruct
> winbind(d?) to simply fold the uppercase letters into lowercase, then
> there is an account that matches what the user typed and will work for
> authentication because NT is case insensitive.
Samba will answer to any username, and will return the user-name
*either* per the NT database, or as the user sent it (depending on the
backend). I would accept a patch that made samba 'forced' to lower
case. (It would lowercase all output, and force all input to be in
lower case).
> It seems to be that the simplest fix is to ask winbind to force the caps
> into lowercase before giving the info to PAM.
Samba never gives information to PAM, only 'yes/no' on the password. It
does return information to nss_ldap however.
> > For NTLMSSP based logins (see my patch to cyrus-sasl back in Janurary) I
> > handle this stuff, because we can return the username.
>
> Interesting. I will take a look. But this problem is more general than
> just cyrus imap and having winbind fold the uppercase letters into
> lowercase letters seems like a nice general solution, no?
In some ways it is, but the main issue is in what users enter in logon
boxes...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040210/fc74e011/attachment.bin
More information about the samba
mailing list