SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Feb 10 15:34:52 GMT 2000
On 10 Feb 2000, Todd Sabin wrote:
> Luke Kenneth Casson Leighton <lkcl at samba.org> writes:
>
> > On 10 Feb 2000, Todd Sabin wrote:
> >
> > > Luke Kenneth Casson Leighton <lkcl at samba.org> writes:
> > >
> > > > > Yes, and there are reasons why HKLM\SAM is NOT a directory with up to 100
> > > > > 000 files in it - even Macrosoft code isn't THAT inefficient (usually).
> > > > > It's a file (registry hive), with access control implemented by the only
> > > > > process allowed to access it.
> > > >
> > > > bad example to pick.
> > > >
> > > > 1) the SAM is loaded into mem from what i can tell, at start-up time. i
> > > > may be wrong about this.
> > > >
> > >
> > > Actually, it's a whole registry hierarchy. There is in fact one key
> > > and a couple of values per user, alias, and group. However, the
> > > permissions on all of these keys are exactly the same: SYSTEM: Full
> > > Control, Admins: Write DAC. NT's RPC servers implement the
> >
> > [and user create+read, on the user-object. use rpcclient's samquerysec
> > command]
> >
>
> No, not on the registry keys, themselves. One of the pieces of data
> inside the V value of each object is the serialized security descriptor
> that is enforced at the RPC layer. The reg keys themselves are all the
> same.
ah, ok.
> >
>
> Exactly. The SAM is the same way, except they don't break it out into
> separate values. The Service part of the hierarchy does the same kind
> of thing as well. It's common practice in NT.
sounds exactly like wot samba needs, to get round any unix security
limitations.
> BTW, in NT5, instead of a blue screen, you get a dialog box notifying
> you that the machine will shut itself down in 30 seconds or something.
> I guess that's improvement in MS terms.
yeah, especially as an unattended box, going up-and-down like a yoyo, can
be made to crash and hide any illicit damage done in a previous our
previous kernel-dumps...
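
An added example, not part of the original thread or of Samba or NT code: it sketches the pattern discussed above, where the backing store carries one uniform ACL and a serialized (self-relative) security descriptor kept in each object's data is what the server enforces per request. The helper names, the READ/WRITE bits and the sample descriptor are constructed for illustration; the layout of the SAM V value around the descriptor is not modelled, and treating a descriptor without a DACL as an error is a fail-closed choice made here.

```python
import struct

ALLOW, DENY = 0, 1                              # ACCESS_ALLOWED / ACCESS_DENIED ACE types
READ, WRITE = 0x1, 0x2                          # hypothetical access bits for this example
DACL_PRESENT, SELF_RELATIVE = 0x0004, 0x8000    # security descriptor control flags

def pack_sid(text):                             # "S-1-5-32-544" -> binary SID
    rev, auth, *subs = (int(p) for p in text.split("-")[1:])
    return bytes([rev, len(subs)]) + auth.to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

def parse_sid(buf, off):                        # binary SID at offset -> "S-1-..."
    subs = struct.unpack_from(f"<{buf[off + 1]}I", buf, off + 8)
    return "-".join(map(str, ("S", buf[off], int.from_bytes(buf[off + 2:off + 8], "big"), *subs)))

def build_sd(aces):                             # constructed sample blob: header + DACL only
    body = b""
    for ace_type, mask, sid in aces:
        raw = pack_sid(sid)
        body += struct.pack("<BBHI", ace_type, 0, 8 + len(raw), mask) + raw
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body
    return struct.pack("<BBHIIII", 1, 0, DACL_PRESENT | SELF_RELATIVE, 0, 0, 0, 20) + acl

def parse_dacl(sd):
    rev, _, control, _, _, _, dacl_off = struct.unpack_from("<BBHIIII", sd, 0)
    if rev != 1 or not control & SELF_RELATIVE or not control & DACL_PRESENT:
        raise ValueError("expected a self-relative descriptor with a DACL")  # fail closed
    _, _, acl_size, count, _ = struct.unpack_from("<BBHHH", sd, dacl_off)
    if dacl_off + acl_size > len(sd):
        raise ValueError("DACL runs past the end of the blob")
    aces, off = [], dacl_off + 8
    for _ in range(count):
        ace_type, _, size, mask = struct.unpack_from("<BBHI", sd, off)
        aces.append((ace_type, mask, parse_sid(sd, off + 8)))
        off += size
    return aces

def access_check(sd, caller_sids, desired):
    """Server-side decision: ACEs are evaluated in stored order, first match per bit wins."""
    remaining = desired
    for ace_type, mask, sid in parse_dacl(sd):
        if sid in caller_sids and ace_type == DENY and mask & remaining:
            return False
        if sid in caller_sids and ace_type == ALLOW:
            remaining &= ~mask
        if remaining == 0:
            return True
    return False                                # requested bits never granted

SAMPLE_SD = build_sd([(DENY, WRITE, "S-1-5-32-546"), (ALLOW, READ | WRITE, "S-1-1-0")])  # constructed
```

With this sample, a caller holding only Everyone (S-1-1-0) is granted WRITE, while a caller that also holds Guests (S-1-5-32-546) is refused by the earlier deny entry.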