Changing security parameters

Andrew Bartlett abartlet at
Sun Nov 11 21:51:26 GMT 2001

"Gerald (Jerry) Carter" wrote:
> On Sat, 10 Nov 2001, Jeremy Allison wrote:
> > Andrew,
> >
> >       I've been thinking about the security parameters
> > change and I don't think we can remove the "security = "
> > parameter, we need to support it in legacy mode.
> >
> > The way we'd do this is to allow it in smb.conf, and
> > then translate it internally to a setting of the new
> > parameters that has exactly the same effect as it
> > does now.
> >
> > I'm sure Dave CB will agree with me, so many people are
> > familiar with the "security=" stuff that we can't just
> > remove support for it, but must allow it's use into the
> > forseable future as a legacy option.
> One thing I just thought about is that this will pretty
> much void all the existing Samba docs (printed, online, in
> our cvs tree).  Is it really that big of an advantage
> to remove security = [domain|server]?  Why not keep these
> and add the "auth order" parameter.

I think the extra flexability is worth it in the long run.  

Why should server configured (well, it does take some skill) in
security=share not be able to push those passwords off to a remote SMB
or NT server?

Apart from the number of time the various random passwords are checked,
it can actually work...

Also, when we get AD support in Samba, we will need to be able to
support both that and normal remote domain stuff and/or local SAM
stuff.  Care to express that in terms of security=?

I think the current intent of 'security=' is best expressed as 'server

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list