Must a Samba PDC use encrypted passwords?

Gerald Carter cartegw at Eng.Auburn.EDU
Fri Jun 5 21:49:25 GMT 1998


Albert Chin-A-Young wrote:
> 
> This depends on your implementation of NIS. The way we have things
> here, every machine is an NIS master and, therefore, can only bind
> to itself (we could also make the Samba servers members of their
> own domain). If smbpasswd were in NIS, then two Samba servers,
> or more, could share the same file and you could have updates
> occur centrally with a modified passwd/rpc.yppasswd combination
> (it's also easy enough to distribute smbpasswd to only a few NIS
> servers). We distribute NIS maps as flat files and could easily
> rdist them with ssh to severely decrease the security flaws in the
> idea. I don't care for single points of failure but if 'password
> server' supports more than one password server, then I'm all for it
> (but then you still have the problem of keeping smbpasswd in sync).

It's things like 'ypcat smbpasswd.byname' that I would be afraid of ( as
well as somebody sniffing the wire ).  Just make sure that 'ypcat
smbpasswd only works for root ( but then you still have to worry about
someone monitoring the network traffic ).

The scp option was one that I considered here as well and may well do as
a push update from a cron job on a secure server.



j-
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )


More information about the samba-ntdom mailing list