password API needed

Gerald Carter cartegw at Eng.Auburn.EDU
Tue May 12 17:14:07 GMT 1998 

Andrew Perrin - Demography wrote:
> 
> Hmmm.  Well, in my view there's not that much of a cost to adding
> (potential) entries to smb.conf, since excluding them is always an 
> option and disk space is certainly getting cheaper and cheaper :).  

This statement really assumes a no cost lookup mechanism for flat text
files.  Including no management overhead for a smb.conf file 100,000
lines long.  I would have to politely disagree.

> But I definitely agree with other posts that user-level config doesn't 
> belong in smb.conf.  And in principle, I'm generally against 
> hard-coding anything that can't be un-hard-coded softly.  So... I like 
> the model that's been floated, of a separate private/sampasswd file 
> containing information for PDS users/workstations, with 'fallback' to 
> a default set in smb.conf.  I suppose, alternatively, one could 
> produce a sam.conf that contains configuration information just for 
> PDC stuff, but that seems unnecessary.

Rather than a fallback to the global configuration file, how about
setting default values for newly created accounts.  Once these accounts
are created, the information, if not specified, is filled in. 
Therefore, there will never been an empty field in the acocunt record. 
Since the space would technically already be allocated in the struct (
with the exception of pointers such as char*...but then just assign "" )
as well as in the database record in the case of some relational
password database.

Someone please correct me if I am wrong, but isn't this how NT does it. 
I am referring to account information, not policy settings such as
account lockout for failed login attempt, etc...

> In my view, one of the beauties of Samba is the flexibility of
> smb.conf.%U, etc. -- I don't see a problem with allowing that option 
> for crazy sysadmins who want to set user information that way.

Agreed.  Flexibilty in a piece of software is a beautiful thing.  But
the maintainability of the software configuration is well worth the
effort in planning the initial install.

I'm still going to stand my ground and say don't put user information in
smb.conf.  Another configuration file with the default information would
be OK, but I think the more effecient route would be to put the default
information in when the account is created.  

	1 file access 

vs. 

	1 file access + 
	search through record + 
	search through flat text file for admin set defaults + 
	get compile / code set defaults if still empty


OK. I'm through now :)


j-
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list