password API needed

Luke Kenneth Casson Leighton lkcl at switchboard.net
Mon May 25 13:03:38 GMT 1998


On Mon, 25 May 1998, Benny Holmgren wrote:

> On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:
> 
> > there are checks in password.c and smbpasswd.c to check that there exists
> > a unix account for the smb (nt) user with same name / same unix uid.
> > 
> > is this done through a single function, for consistency?  _should_ it?
> > should NIS+ be added ("passwd.org_dir") or is the standard getpwnam()
> > sufficient?
> 
> If the machine uses NIS+ for the passwd table it is sufficient to use
> getpwnam() and friends but if not, you have to make the calls to NIS+
> yourself.

hm.
 
> So, it depends on the setup of the machine. You can have NIS+ running
> without actually using it or maybe just use it for mailaliases or some
> other table(s) you want to distribute. All this is controlled from
> /etc/nsswitch.conf for the standard tables. In the samba case one might
> not want users to be able to login to the server and an easy way to do
> that is not using the passwd NIS+ table other than from samba. 

hm.  this goes against the grain of jeremy's ethos: if there doesn't exist
a unix account (and therefore, more importantly, a unix uid) then the
samba process can take a...  the samba process must not be allowed access:
there are potential security risks.

this is how AFPS and pcnfsd work: they run as root due to
incompatibilities between DOS and unix file access.

>  Hope this helps,

yes it does.
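
An added example, not part of the original thread and not Samba code: one way to route the "does a unix account with the same name and uid exist?" check through a single function, so every caller gets the same answer from whatever passwd sources the host's name service configuration lists. The helper name `check_unix_account` and the result enum are hypothetical; any result other than `ACCT_OK` is meant to be treated as deny.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum acct_result { ACCT_OK, ACCT_NO_SUCH_USER, ACCT_UID_MISMATCH, ACCT_LOOKUP_ERROR };

/* Hypothetical helper (not a Samba function). Resolves smb_name with
 * getpwnam_r(), so the lookup follows the host's passwd sources, and
 * compares the resulting uid with the one recorded for the SMB account.
 * A failed lookup is reported separately from "no such user", but both
 * are refusals: the caller grants access only on ACCT_OK. */
enum acct_result check_unix_account(const char *smb_name, uid_t smb_uid)
{
    struct passwd pw, *found = NULL;
    enum acct_result res;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 4096;  /* sysconf may return -1 */
    char *buf; int rc;

    if (smb_name == NULL || smb_name[0] == '\0')
        return ACCT_NO_SUCH_USER;

    buf = malloc(len);
    if (buf == NULL)
        return ACCT_LOOKUP_ERROR;

    /* rc != 0 (ERANGE, backend unreachable, ...) leaves found == NULL */
    rc = getpwnam_r(smb_name, &pw, buf, len, &found);
    if (found == NULL)
        res = (rc == 0) ? ACCT_NO_SUCH_USER : ACCT_LOOKUP_ERROR;
    else
        res = (pw.pw_uid == smb_uid) ? ACCT_OK : ACCT_UID_MISMATCH;
    free(buf);
    return res;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s name uid\n", argv[0]);
        return 2;
    }
    enum acct_result r = check_unix_account(argv[1], (uid_t)strtoul(argv[2], NULL, 10));
    printf("%s: %s\n", argv[1], r == ACCT_OK ? "allow" : "deny");
    return r == ACCT_OK ? 0 : 1;
}
```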



More information about the samba-technical mailing list