Update: Machine accounts invalid

Jeremy Allison jallison at whistle.com
Thu May 21 16:53:23 GMT 1998


Kevin Currie wrote:

> 
>         Well, smbpasswd reads the smb.conf file, how about just having the
> "machine reset users = " parameter be interpreted by smbpasswd so that
> non-root users can reset the machine (and only machine) account passwords?
> 

We can't do that as it would be the biggest security
hole this side of the buffer overrun problem in Samba
1.9.17p1 and all previous versions :-).

If anyone could do that I could write code that would
allow anyone sniffing the network to get plaintext
equivalent passwords from the next user who logs onto
that NT workstation (come to think of it I could do
that anyway, but this makes it even easier, as you
can select a machine target and force it at a particular
time :-).

Jeremy.


-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

