I think MS just did us (and themselves) a disservice.
Anders C. Thorsen
anders at cwd.no
Wed Jan 10 07:35:04 GMT 2001
Yes, but it's not the telnet client which detects attempted root login :)
It's the server...
--Anders
-----Original Message-----
From: samba-technical-admin at us5.samba.org
[mailto:samba-technical-admin at us5.samba.org]On Behalf Of
acherry at pobox.com
Sent: Wednesday, January 10, 2001 6:13 AM
To: samba-technical at samba.org
Subject: Re: I think MS just did us (and themselves) a disservice.
Christopher R. Hertel writes:
> > no. the limitation is client side :)
>
> Ah. So it's a Windows client can only connect once per share.
>
> Now I'm more confused. Since the Microsoft clients are
one-user-at-a-time,
> how often would you need to connect to the same share using two sets of
> credentials?
It's often useful to do this when testing network connectivity for
accounts other than your own, or if you need quick temporary access to
resources your own account cannot access. There are other situations
where processes may need to access shares using different sets of
credentials.
> Armand asked about the MS Terminal Server. Is this "fixed" under
Terminal
> Server?
It's not "fixed" under Terminal Server per se, it's just handled at a
lower level.
(I would hesitate to use the word "fixed" when discussing ANYTHING
about NT Terminal Server. ;-) )
Even on a regular NT desktop machine, it is possible to multiplex
different sets of credentials on the same SMB connection -- ClearCase
does this, for example (don't know the details). So it's not a hard
and fast rule.
I suspect the limitation is only in the front-end (the GUI and the
"net use" command), not at the API level. And as I mentioned earlier,
it's not very well implemented (i.e. it apparently only does string
comparisons on the server hostname, not actual name service lookups).
Who knows, maybe they really did slap this on for security reasons and
just didn't think carefully. It happens. IIRC, Solaris 2.6 shipped
with non-console root logins (telnet, rlogin, etc) disabled for
security reasons but root FTP connections allowed. Oops.
-Andrew
More information about the samba-technical
mailing list