password API needed

Luke Kenneth Casson Leighton lkcl at cb1.com
Tue May 12 17:23:47 GMT 1998 

On Tue, 12 May 1998, William Stuart wrote:

> 
> 
> On Wed, 13 May 1998, Luke Kenneth Casson Leighton wrote:
> 
> > questions like: do you think it's a good or a bad idea to add more
> > NT-SAM-like parameters to smb.conf, like "kickoff time" and "domain
> > workstations", bearing in mind that these may have to go down to the
> > granularity of a per-group or per-user basis?
> > 
> 
> IMHO, these are lower priority items, maybe even ver 2.1 items.  I don't
> usually work on sites that require this level of security.  I do believe
> though that these things should be supported eventually so that you can
> advertise a "fully functional" PDC.
> 
> I don't quite understand the need for multiple smb.conf's here.  These
> options should be supported regardless of entries in smb.conf.  For
> example, kick off time should kick off the user (in some gracioius way)
> regardless of entries in the smb.conf, except for maybe a "use kickoff
> time = no" in the globals section.

well, i would guess that setting "kickoff time = +1hr" would cause the nt
workstation (not a win95) to log all users out after 1 hour.  not setting
this option would put a default of no forced logout.
 
> In regards to the domain workstations entry, this should require an
> smb.conf either.  It should simply keep a list of workstations the user
> can login to.

yep.

> I think you mentioned a home directory entry in a eariler post.  Is there
> a similar entry for profile location?

these already exist: "home dir = " and "logon script = " and "profile path
= ".

>  This could be a neat option.  You
> could have UNIX homes in a different place than SMB homes.

uhh... yes, you can already do that.

>  I am assuming
> that you could specify a SMB mount point in this field.

it has to be a fully qualified UNC name (\\server\share\directory_path)

>  This would enable
> a design where you have a machine as PDC and another handling all file and
> print without NFS.

yep!
 
> sampasswd is probably where modem_users should be kept as well.  Have a
> field containing a BOOL that determines wether this user can dialin.

?
 
> One final, minor note, sampasswd and smbpasswd are too alike in name...
> Might I suggest saminfo or samdb.

good point.

More information about the samba-ntdom mailing list