Passthrough security fix.

Jeremy Allison jallison at whistle.com
Tue Apr 21 00:53:26 GMT 1998


Hi all,

	I was chatting with Roger Binns (author of
VisionFS, he's out in Santa Cruz at the moment so
we got to exchange CIFS gossip :-), and he came
out with a wonderful solution to the NT bug that
means NT Server doesn't set the guest bit when
logging on a user in pass-through security.

They send the sessionsetup request *twice* - once
with the correct password, and once with a password
of random garbage. If both are accepted then the
user was guest, if the first was accepted and
the second rejected then the user was non-guest.

Simple, elegant and works with all broken versions
of NT. Can anyone see any disadvantages ?

Cheers,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
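
The double session-setup check described in the message, sketched as an added example that is not part of the original post and is not Samba or VisionFS code. The mock password server, its account table and every name below are constructed for illustration; it assumes the server maps unknown users to guest and never sets the guest bit in its reply.

```python
import secrets
from enum import Enum


class Logon(Enum):
    REJECTED = "rejected"
    GUEST = "guest"
    USER = "user"


class MockPasswordServer:
    """Constructed stand-in for the pass-through password server.

    Models the bug from the message: a logon that was silently mapped
    to guest is accepted, but the guest bit in the reply stays clear.
    """

    def __init__(self, accounts, guest_enabled=True):
        self.accounts = accounts          # user -> password bytes (sample data)
        self.guest_enabled = guest_enabled
        self.requests = 0                 # session setups seen, for inspection

    def session_setup(self, user, password):
        """Return (accepted, guest_bit); guest_bit is never set (the bug)."""
        self.requests += 1
        if user in self.accounts:
            return self.accounts[user] == password, False
        return self.guest_enabled, False  # unknown user: silent guest mapping


def classify_logon(server, user, password):
    """Decide guest vs. real user without trusting the guest bit."""
    accepted, guest_bit = server.session_setup(user, password)
    if not accepted:
        return Logon.REJECTED
    if guest_bit:                         # a correct server tells us directly
        return Logon.GUEST
    # Second request: same user, password of random garbage.
    garbage = secrets.token_bytes(24)
    probe_accepted, _ = server.session_setup(user, garbage)
    # Both accepted -> the password was never checked, so this is guest.
    return Logon.GUEST if probe_accepted else Logon.USER


if __name__ == "__main__":
    srv = MockPasswordServer({"alice": b"correct-password"})
    for name, pw in [("alice", b"correct-password"), ("nobody", b"x")]:
        print(name, classify_logon(srv, name, pw).value)
```
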

