lookups in smbpasswd file
Jeremy Allison
jallison at whistle.com
Wed Mar 4 17:31:33 GMT 1998
Gerald W. Carter wrote:
>
> If this is a limitation, a possible solution would be to keep the
> standard smbpasswd file but translate it to a DBM hash ( *.dir & *.pag
> files ) similiar to NIS maps. Smbpasswd could be modified to interface
> directly iwith the DBM files. Also add an option to dump the map to a
> flat ASCII file.
>
That's a very good idea, and one I've been wanting
to do for a while. Issues you will need to consider :
1). Concurrent updates - as I recall, most dbm hash
libraries don't allow record locking for concurrent
updates. smbpasswd will need this I think.
2). Transaction security - losing your password
file due to a smbd/smbpasswd crash won't be popular.
This may be solvable by keeping a ascii snapshot also
but we should have some method of dealing with this.
3). Setuid security. smbpasswd is a setuid root
program - adding dbm libraries to it means that
the dbm libraries must also pass the strict
security requirements for such a program. Do they ?
These problems are why I haven't done the code
work yet, I don't have good answers to them.
Just my 2 cents worth....
Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-ntdom
mailing list