Andrew Bartlett abartlet at
Fri Oct 13 06:18:39 GMT 2000

I have a particular interest in passdb, in particular PAM.  My primary
ideas involve tightining up samba's security so samba does less work for
a potential attacker, and so it uses PAM even when it can't use it to
check a password.

Samba should (IMHO) do account and session processing regardless of
encrypted passwords.  See OpenSSH for a *very* good implementation of
this.  (I did, as an exercise, start hacking the OpenSSH code into
Samba, but got stuck looking for where samba actually starts a

Adding session handling to samba looks quite easy, just add the hooks at
the same places as the utmp handling does.  

Andrew Bartlett
abartlet at

"Christopher R. Hertel" wrote:
> > I'm still waiting to start a discussion on the passdb backend, as I've
> > not seen anything on samba techincal I was wondering if there have been
> > any between samba team members or if there will be any.
> > I've written some code to add a tdb password database and there are some
> > points I think must be discussed before further efforts.
> >
> > Is there anyone else working on this thing?
> I threw in my 2-cents regarding the design, but that's all I can do I'm
> 'fraid.  Too much else on my plate.
> Chris -)-----
> --
> Christopher R. Hertel -)-----                   University of Minnesota
> crh at              Networking and Telecommunications Services
>     Ideals are like stars; you will not succeed in touching them
>     with your choose them as your guides, and following
>     them you will reach your destiny.  --Carl Schultz

Andrew Bartlett
abartlet at

More information about the samba-technical mailing list