password API needed
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Mon May 25 13:03:38 GMT 1998
On Mon, 25 May 1998, Benny Holmgren wrote:
> On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:
>
> > there are checks in password.c and smbpasswd.c to check that there exists
> > a unix account for the smb (nt) user with same name / same unix uid.
> >
> > is this done through a single function, for consistency? _should_ it?
> > should NIS+ be added ("passwd.org_dir") or is the standard getpwnam()
> > sufficient?
>
> If the machine uses NIS+ for the passwd table it is sufficient to use
> getpwnam() and friends but if not, you have to make the calls to NIS+
> yourself.
hm.
> So, it depends on the setup of the machine. You can have NIS+ running
> without actually using it or maybe just use it for mailaliases or some
> other table(s) you want to distribute. All this is controlled from
> /etc/nsswitch.conf for the standard tables. In the samba case one might
> not want users to be able to login to the server and an easy way to do
> that is not using the passwd NIS+ table other than from samba.
hm. this goes against the grain of jeremy's ethos: if there doesn't exist
a unix account (and therefore, more importantly, a unix uid) then the
samba process can take a... the samba process must not be allowed access:
there are potential security risks.
this is how AFPS and pcnfsd work: they run as root due to
incompatibilities between DOS and unix file access.
> Hope this helps,
yes it does.
More information about the samba-technical
mailing list