Must a Samba PDC use encrypted passwords?
Gerald Carter
cartegw at Eng.Auburn.EDU
Fri Jun 5 21:49:25 GMT 1998
Albert Chin-A-Young wrote:
>
> This depends on your implementation of NIS. The way we have things
> here, every machine is an NIS master and, therefore, can only bind
> to itself (we could also make the Samba servers members of their
> own domain). If smbpasswd were in NIS, then two Samba servers,
> or more, could share the same file and you could have updates
> occur centrally with a modified passwd/rpc.yppasswd combination
> (it's also easy enough to distribute smbpasswd to only a few NIS
> servers). We distribute NIS maps as flat files and could easily
> rdist them with ssh to severely decrease the security flaws in the
> idea. I don't care for single points of failure but if 'password
> server' supports more than one password server, then I'm all for it
> (but then you still have the problem of keeping smbpasswd in sync).
It's things like 'ypcat smbpasswd.byname' that I would be afraid of ( as
well as somebody sniffing the wire ). Just make sure that 'ypcat
smbpasswd only works for root ( but then you still have to worry about
someone monitoring the network traffic ).
The scp option was one that I considered here as well and may well do as
a push update from a cron job on a secure server.
j-
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-ntdom
mailing list