lookups in smbpasswd file

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed Mar 4 21:43:46 GMT 1998


as per designs currently sitting in my head, and as per at least one
request already, i'd like password accounts to be abstracted, such that
different systems can be switched in/out.

_one_ system will be the current private/smbpasswd system; another will be
a privately used system by the above-mentioned requestor; another could be
a dbm or other database system; another NIS+; another LDAP etc etc.

luke

On Thu, 5 Mar 1998, Todd Pfaff wrote:

> On Thu, 5 Mar 1998, Jeremy Allison wrote:
> 
> > Gerald W. Carter wrote:
> > > 
> > > If this is a limitation, a possible solution would be to keep the
> > > standard smbpasswd file but translate it to a DBM hash ( *.dir & *.pag
> > > files ) similar to NIS maps.  Smbpasswd could be modified to interface
> > > directly with the DBM files.  Also add an option to dump the map to a
> > > flat ASCII file.
> > > 
> > 
> > That's a very good idea, and one I've been wanting
> > to do for a while. Issues you will need to consider :
> > 
> > 1). Concurrent updates - as I recall, most dbm hash
> > libraries don't allow record locking for concurrent
> > updates. smbpasswd will need this I think.
> > 
> > 2). Transaction security - losing your password
> > file due to a smbd/smbpasswd crash won't be popular.
> > This may be solvable by keeping an ascii snapshot also
> > but we should have some method of dealing with this.
> > 
> > 3). Setuid security. smbpasswd is a setuid root
> > program - adding dbm libraries to it means that
> > the dbm libraries must also pass the strict
> > security requirements for such a program. Do they ?
> > 
> > These problems are why I haven't done the code
> > work yet, I don't have good answers to them.
> > 
> > Just my 2 cents worth....
> > 
> > Jeremy Allison,
> > Samba Team.
> 
> a quick solution that bypasses some or all of these concerns...
> 
> just use the dbm file for lookups.  the only code that has to be modified
> is function get_smbpwd_entry() in smbpass.c.  it could even be conditional
> on whether or not smbpasswd.dir exists.
> 
> continue applying changes to the text file and rebuild the dbm files
> whenever a change occurs.  this can be accomplished with (under sunos
> anyway): system("makedbm smbpasswd smbpasswd").
> 
> this is similar to how the nis yppasswdd stuff works in sunos.  yppasswd
> receives updates, applies them to passwd file, and then runs a yp make to
> rebuild the passwd map.  mind you, this makedbm can take a long time for
> large passwd files.  but at least it improves the lookup time.
> 
> --
> Todd Pfaff                         \  Email: pfaff at mcmaster.ca
> Computing and Information Services  \ Voice: (905) 525-9140 x22920
> ABB 132                              \  FAX: (905) 528-3773
> McMaster University                   \
> Hamilton, Ontario, Canada  L8S 4M1     \
> 
> 

<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton  </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk"       > Samba and Network Consultancy </a>
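
Added example (not code from this thread or from Samba): one way the "keep the text file, rebuild a lookup map on change" idea quoted above can meet the concurrent-update and crash-safety concerns raised in the same thread. A sorted fixed-record index stands in for the dbm map; `rebuild_index`, `lookup_user`, the record layout and the size limits are hypothetical, and it is assumed that every writer of the text file takes the same lock.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

enum { MAXU = 1024, NAMELEN = 32 };                              /* example-only limits */
static struct idx { char name[NAMELEN]; long off; } tab[MAXU];   /* hypothetical: user -> line offset */
static int cmp(const void *a, const void *b) { return strcmp(a, b); }  /* name is the first member */

/* Rebuild the index from the authoritative text file. Returns entries written, or -1. */
int rebuild_index(const char *txt, const char *idx) {
    char tmp[1024], line[1024], *colon;                   /* assumes lines shorter than 1024 bytes */
    long off = 0;
    int fd, ok, n = 0;
    FILE *in = fopen(txt, "r");
    /* Assumption: whatever edits the text file takes this same lock. */
    if (!in || flock(fileno(in), LOCK_EX) != 0) { if (in) fclose(in); return -1; }
    memset(tab, 0, sizeof tab);
    for (; n < MAXU && fgets(line, sizeof line, in); off = ftell(in)) {
        if (line[0] == '#' || !(colon = strchr(line, ':')) || colon == line || colon - line >= NAMELEN) continue;
        memcpy(tab[n].name, line, (size_t)(colon - line));
        tab[n++].off = off;
    }
    qsort(tab, (size_t)n, sizeof *tab, cmp);
    snprintf(tmp, sizeof tmp, "%s.tmp", idx);
    unlink(tmp);                                          /* leftover from a crashed rebuild */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);    /* O_EXCL refuses a pre-planted link */
    ok = fd >= 0 && write(fd, tab, n * sizeof *tab) == (ssize_t)(n * sizeof *tab) && fsync(fd) == 0;
    if (fd >= 0) close(fd);
    ok = ok && rename(tmp, idx) == 0;                     /* atomic: old or new map, never half */
    fclose(in);                                           /* also releases the lock */
    return ok ? n : -1;
}

/* Find user via the index, then confirm the line at that offset is really theirs. */
int lookup_user(const char *txt, const char *idx, const char *user, char *out, int len) {
    FILE *ix = fopen(idx, "rb"), *in = fopen(txt, "r");
    size_t i, ul = strlen(user), n = ix ? fread(tab, sizeof *tab, MAXU, ix) : 0;
    struct idx *hit;
    for (i = 0; i < n; i++) tab[i].name[NAMELEN - 1] = '\0';   /* never trust on-disk termination */
    hit = n ? bsearch(user, tab, n, sizeof *tab, cmp) : NULL;
    int ok = hit && in && !fseek(in, hit->off, SEEK_SET) && fgets(out, len, in)
             && !strncmp(out, user, ul) && out[ul] == ':';     /* stale offset: treat as a miss */
    if (ix) fclose(ix);
    if (in) fclose(in);
    return ok;
}
```

A lookup that fails the final check can fall back to scanning the text file, which stays the source of truth in this scheme.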


