User database

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Thu Mar 8 12:14:54 GMT 2001


> >For that matter I don't even think, ideally, that there should be a
> >separate store for users, groups and aliases -- everyone goes in the
> >same tdb or ldap or whatever.  See reason #2.
> 
> I think you've got point there. But as far as I know, 
> getpwnam is still used by samba. If we use the 
> authorization modules for looking up user names, we could 
> avoid having to put users in passwd. 
> 
> And using the same system as Samba 2.2 makes it possible to 
> use 2.2 authorization modules with TNG and vice versa.

just something worthwhile pointing out:

TNG overloads the Net_Sam_Logon info level 4 to be a secure means to do
clear-text password authentication.

so when an SMB client connects with a clear-text password,
reply_session_setup in TNG smbd, which always uses NETLOGON, will use info
level 4 to get the password securely to netlogond.

in _netlogond_, the getpwnam() calls are made etc. to obtain the unix
password crypted hash, or pam authentication etc. is called.

not from smbd itself.

all authentication of all types and all kinds is the responsibility of
[a] netlogond [implementation].

luke

 ----- Luke Kenneth Casson Leighton <lkcl at samba-tng.org> -----

"i want a world of dreams, run by near-sighted visionaries"
"good.  that's them sorted out.  now, on _this_ world..."




