passdb

Andrew Bartlett abartlet at pcug.org.au
Fri Oct 13 06:18:39 GMT 2000


I have a particular interest in passdb, in particular PAM.  My primary
ideas involve tightining up samba's security so samba does less work for
a potential attacker, and so it uses PAM even when it can't use it to
check a password.

Samba should (IMHO) do account and session processing regardless of
encrypted passwords.  See OpenSSH for a *very* good implementation of
this.  (I did, as an exercise, start hacking the OpenSSH code into
Samba, but got stuck looking for where samba actually starts a
connection.)

Adding session handling to samba looks quite easy, just add the hooks at
the same places as the utmp handling does.  

Andrew Bartlett
abartlet at pcug.org.au

"Christopher R. Hertel" wrote:
> 
> > I'm still waiting to start a discussion on the passdb backend, as I've
> > not seen anything on samba techincal I was wondering if there have been
> > any between samba team members or if there will be any.
> > I've written some code to add a tdb password database and there are some
> > points I think must be discussed before further efforts.
> >
> > Is there anyone else working on this thing?
> 
> I threw in my 2-cents regarding the design, but that's all I can do I'm
> 'fraid.  Too much else on my plate.
> 
> Chris -)-----
> 
> --
> Christopher R. Hertel -)-----                   University of Minnesota
> crh at nts.umn.edu              Networking and Telecommunications Services
> 
>     Ideals are like stars; you will not succeed in touching them
>     with your hands...you choose them as your guides, and following
>     them you will reach your destiny.  --Carl Schultz

-- 
Andrew Bartlett
abartlet at pcug.org.au




More information about the samba-technical mailing list