SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Feb 9 22:59:26 GMT 2000


> > This trick is bad. The SAM daemon should only open its DB at startup and
> > after any event where it must close it for maintenance (say,
> > rewriting). Access to the records in SAM db must be controlled not by
> > the DB's file permissions but by code in the SAM daemon (and ACLs,
> > implicit or explicit, in the SAM DB).
> 
> Agreed - if Unix file permissions are used, then either users have full
> access to the entire SAM file, or no access to it at all. Neither is
> really desirable, I suspect? :)

well, that's microsoft's stupid fault, they shouldn't have allowed
anonymous access to the damn SAM database over DCE/RPC.

i.e. if you can get the SAM remotely using DCE/RPC, who gives a *monkey's*
if the same info (and only the same info) is available by telnet to a box
and vi some-sam-database-file????


