I think MS just did us (and themselves) a disservice.

Simo Sorce simo.sorce at polimi.it
Wed Jan 10 09:39:46 GMT 2001


I think the problem is not server side (MS Terminal Server) demonstrate
that.
The problem may be in the way MS threat credential caching.
As windows reuse the same user credential when connecting to a server it
need a way to store them and I think they used a server name as the key to
know which cache d credential set to use with that server.
So having to credential set indexed by the same server name is not
possible (and this is somewhat proved by the fact that using a different
NetBIOS alias or IP it is possibile to circumvent this restriction)
So I think this is a design flaw they does not want or are able to
correct.

Simo.

On Wed, 10 Jan 2001, Anders C. Thorsen wrote:

> no. the limitation is client side :)
>
> Always been there. This is not a true server security thing, as it
> works otherwise.. how would MS Terminal Server work otherwise..?
> That's some of the "Enhanchements" in it..
>
> --Anders
>
> -----Original Message-----
> From: samba-technical-admin at us5.samba.org
> [mailto:samba-technical-admin at us5.samba.org]On Behalf Of Christopher R.
> Hertel
> Sent: Wednesday, January 10, 2001 12:18 AM
> To: Francois Gouget
> Cc: samba-technical at samba.org
> Subject: Re: I think MS just did us (and themselves) a disservice.
>
>
> >    Also, despite what they say, I suspect it's not for security reasons
> > but truely because of _bad_ design. Or at least it must be simpler for
> > them to handle it that way.
>
> If I read this correctly, what it does is prevent separate users on a
> multi-user system from accessing the same NT service.  This puts a kink
> into the utility of, say, libsmbclient.
>
> Because there are effectively no multi-user Windows OSes, this isn't a
> problem from MS's point of view.
>
> Am I reading that right?
>
> Chris -)-----
>
>

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!





More information about the samba-technical mailing list