Update: Machine accounts invalid
Jeremy Allison
jallison at whistle.com
Thu May 21 16:53:23 GMT 1998
Kevin Currie wrote:
>
> Well, smbpasswd reads the smb.conf file, how about just having the
> "machine reset users = " parameter be interpreted by smbpasswd so that
> non-root users can reset the machine (and only machine) account passwords?
>
We can't do that as it would be the biggest security
hole this side of the buffer overrun problem in Samba
1.9.17p1 and all previous versions :-).
If anyone could do that I could write code that would
allow anyone sniffing the network to get plaintext
equivalent passwords from the next user who logs onto
that NT workstation (come to think of it I could do
that anyway, but this makes it even easier, as you
can select a machine target and force it at a particular
time :-).
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-ntdom
mailing list