smbsh and others.
Andrew Tridgell
tridge at samba.anu.edu.au
Tue Oct 6 23:49:35 GMT 1998
> I was thinking about something more similar to ssh-agent, which
> creates a Unix socket in /tmp/ssh-$user/ and communication
> with it is done by reading and writing the socket.
yep, I think it should have a little protocol where you write
"server:share:flags" to the socket and read back a password. flags
would say whether you wanted a lm-hashed password.
> The biggest caveat I can think of is that I don't know how to stop
> root from getting clear text passwords by writing to the socket.
> But perhaps that is not introducing a security hole, if they already
> are root?
root can _always_ get the password. They just need to ptrace the
program that reads passwords. root is omnipotent :-)
> What about settling for a race condition? "smbsh" can start up
> an 'smb-agent' and then we can prompt the user for a password.
> smbwrapper.so can then grab the password on initialization,
> at which point smb-agent forgets it ever heard of a password.
it can't forget it, it needs to stick around for other subprocesses
who need authentication. smbwrapper makes a new connection for each
process.
> I would much prefer a socket thingy to pass clear text passwords,
> though.
Would you be able to put some time into writing a prototype of this?
We will certainly need it before joe user can start using smbwrapper.
Cheers, Tridge
More information about the samba-technical
mailing list