Patches to head (become_root and some RPC stuff)

Michael Stockman pgmtekn at algonet.se
Mon Aug 23 18:40:36 GMT 1999


Hello,

> do people agree that this is a good idea?  [splitting passwords out
into
> private/DOMAINNAME.user1.mac private/DOMAINNAME.user2.mac]
>
> does someone want to write a private/sampasswd module, as this would
be a
> good opportunity to do this.

No, this idea is probably wrong. The idea, as put forth in the
previous discussion, is to protect the password hashes and this
exposes them to user interference. What we need is actually only one
file with public user information and one with restricted (such as
passwords).

This is possible since we only need the restricted information for
authentication and password hashes when we are allowed to be root. The
other data can be allowed or restricted as the administrator see fit
(without security implications).

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se





More information about the samba-technical mailing list