passdb

Simo Sorce simo.sorce at polimi.it
Fri Oct 13 11:11:14 GMT 2000


Andrew Bartlett wrote:
> 
> I have a particular interest in passdb, in particular PAM.  My primary
> ideas involve tightining up samba's security so samba does less work for
> a potential attacker, and so it uses PAM even when it can't use it to
> check a password.

This will need passdb API changes or rewriting.
I'm alsointerested but remember that PAM must be an option
as too many samba-supported system does not have it.

> Samba should (IMHO) do account and session processing regardless of
> encrypted passwords.  See OpenSSH for a *very* good implementation of
> this.  (I did, as an exercise, start hacking the OpenSSH code into
> Samba, but got stuck looking for where samba actually starts a
> connection.)
> 
> Adding session handling to samba looks quite easy, just add the hooks at
> the same places as the utmp handling does.

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!




More information about the samba-technical mailing list