Proposal for modifying Get_Pwnam() [Re: couple of getpwnam() questions]

Gerald Carter gcarter at
Mon Nov 27 18:03:20 GMT 2000

Andrew Bartlett wrote:
> Could samba have an option to do NO username work for 
> the client, if we assume that the client is a 
> potential attacker?  (Or does SMB spew usernames all over 
> the shop already, making this irrelevant).

username's exist (in the SMB layer) in the SMBsessetupX
request (assuming user level security).

> Full case sensitivity for usernames (at least where we 
< know that the client OS has not changed that case) 
> could help resolve the situation where (as I have had) 
> one protocol is case sensitive (OpenSSH, I use it
> for password changes) and another is not (Samba, 
> I use it for student file shares).  Such an option looks 
> as if it would be usefull on OpenVMS in any case, with 
> its case insensitive usernames.

disabling the abililty to handle Win9x clients with UPPER
case usernames would break a lot of systems.  Truthfully,
username case issues arethe least of worries in a SMB/NetBIOS
network.  Although I understand your reasoning.  I just
don't think that it is cost effective for the majority of 

If you want to do this for you site, however, it is 
fairly trivial to modify Get_Pwnam() :-)

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/  VA Linux Systems   gcarter at       SAMBA Team          jerry at                     jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list