Proposal for modifying Get_Pwnam() [Re: couple of getpwnam()
questions]
Gerald Carter
gcarter at valinux.com
Mon Nov 27 18:03:20 GMT 2000
Andrew Bartlett wrote:
>
> Could samba have an option to do NO username work for
> the client, if we assume that the client is a
> potential attacker? (Or does SMB spew usernames all over
> the shop already, making this irrelevant).
username's exist (in the SMB layer) in the SMBsessetupX
request (assuming user level security).
> Full case sensitivity for usernames (at least where we
< know that the client OS has not changed that case)
> could help resolve the situation where (as I have had)
> one protocol is case sensitive (OpenSSH, I use it
> for password changes) and another is not (Samba,
> I use it for student file shares). Such an option looks
> as if it would be usefull on OpenVMS in any case, with
> its case insensitive usernames.
disabling the abililty to handle Win9x clients with UPPER
case usernames would break a lot of systems. Truthfully,
username case issues arethe least of worries in a SMB/NetBIOS
network. Although I understand your reasoning. I just
don't think that it is cost effective for the majority of
installs.
If you want to do this for you site, however, it is
fairly trivial to modify Get_Pwnam() :-)
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list