lookups in smbpasswd file

Jeremy Allison jallison at whistle.com
Wed Mar 4 17:31:33 GMT 1998


Gerald W. Carter wrote:
> 
> If this is a limitation, a possible solution would be to keep the
> standard smbpasswd file  but translate it to a DBM hash ( *.dir & *.pag
> files ) similiar to NIS maps.  Smbpasswd could be modified to interface
> directly iwith the DBM files.  Also add an option to dump the map to a
> flat ASCII file.
> 

That's a very good idea, and one I've been wanting
to do for a while. Issues you will need to consider :

1). Concurrent updates - as I recall, most dbm hash
libraries don't allow record locking for concurrent
updates. smbpasswd will need this I think.

2). Transaction security - losing your password
file due to a smbd/smbpasswd crash won't be popular.
This may be solvable by keeping a ascii snapshot also
but we should have some method of dealing with this.

3). Setuid security. smbpasswd is a setuid root
program - adding dbm libraries to it means that
the dbm libraries must also pass the strict
security requirements for such a program. Do they ?

These problems are why I haven't done the code
work yet, I don't have good answers to them.

Just my 2 cents worth....

Jeremy Allison,
Samba Team.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------


More information about the samba-ntdom mailing list