Automatically locating domain controller

Jeremy Allison jallison at cthulhu.engr.sgi.com
Fri Oct 1 22:10:38 GMT 1999


Jeremy Allison wrote:
> 
> 3). Evil Hacker (tm) uses smbclient to connect as user "root"
> to a Samba server, and sets his own laptop to allow any password
> authentication for the user "root"......
> 
> 4). Trouble follows........
> 
> This is why I haven't added this feature yet. The current
> password server code could be hacked this way if the name
> resolution is set to use a NetBIOS name resolution (wins,
> bcast) but cannot if it is set to use dns. This new feature
> would *always* be hackable in this way.
> 
> Any comments, thoughts ?

To comment on my own comment :-), this is not a problem
with security=domain, only security=server.

The reason is that the user/password authentication is
protected by the machine shared secret in the domain so
Evil Hacker (tm) can't spoof the requesting client. 

So, how about allowing 

password server = <*>

to mean, look up the DOMAIN<1C> name for the current
domain and try authentication to each returned IP
address in turn, but only when "security=domain".

Should be reasonably simple to implement.

Cheers,

	Jeremy Allison,
	Samba Team.


-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
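
Added example, not part of the original message and not Samba code: a small audit of an smb.conf [global] section for the combinations the message describes (security=server with a wildcard password server, or with a password server located through the wins/bcast lookups). The sample config, the finding codes and the function names are constructed for illustration; treating an unset "name resolve order" as a separate finding is an assumption of this example.

```python
NETBIOS = {"wins", "bcast"}  # lookup methods the message names as spoofable

SAMPLE = """\
; constructed sample, not a real deployment
[global]
   workgroup = EXAMPLE
   security = server
   password server = PDC1
   name resolve order = lmhosts wins bcast
"""

def global_params(text):
    """Collect [global] parameters; names are compared case-insensitively."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def audit(text):
    """Return finding codes for how the password server is located."""
    p = global_params(text)
    if p.get("security", "").lower() != "server":
        # Only security=server is checked; the message says
        # security=domain is protected by the machine shared secret.
        return []
    server = p.get("password server", "")
    if not server:
        return []
    if server.strip("<>") == "*":
        return ["wildcard-with-security-server"]
    order = p.get("name resolve order")
    if order is None:
        return ["resolve-order-unset"]  # build default applies; review it
    hits = sorted(NETBIOS & set(order.lower().split()))
    return ["netbios-lookup:" + ",".join(hits)] if hits else []

if __name__ == "__main__":
    print(audit(SAMPLE))
```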

