Authenticaion and 'security =' changes

Andrew Bartlett abartlet at pcug.org.au
Mon Nov 12 06:17:23 GMT 2001 

David Collier-Brown wrote:
> 
> Andrew Bartlett wrote:
> > So we probably will need to add some logic to testparm to avoid
> > foot-shooting, but I think it is a worthwhile addition.
> 
>         Er, could someone add my proposed self-check
>         patch first?
> >
> > The change will involve killing security = server and security = domain,
> > and creating an 'authentication order = ....'.  The 'use rhosts'
> > parameter will also disappear.
> 
>         Sounds like a decent 3.0-era change.
> 
>         I would suggest:
>         if (security = x && authentication order = y)
>                 if (x != y)
>                         fail horribly
>                 else
>                         warn at a high log level (0? 1?)

This gets complex.  auth order is a *list* of authenticaion methods,
each tried in turn.  The test case here is security > USER and auth
order != NULL.  In that case we have problem, but we can just treat
security = USER and go on with our lives.
 
>         if (security = x && no authentication order)
>                 compose an authentication order
>                 warn at a moderate log level (1?)

This I can live with.

> > Possible authentication methods will include:
> >
> > rhosts
> > hostsequiv
>                 both are somewhat insecure (;-))

Indeed, but they are also simple modules that provide a good example for
other implementors.  That is mainly how they managed to stay around...

> > sam
  this is smbpasswd btw.

> > unix
> > local -- a combination of SAM and Unix, depending on encryption.
>                 if this is like pam, you can say that direcly

If I create a 'pam' module then we will have 'pam' as an option and the
--with-pam configure check will go away.  This option is here becouse I
want the defaults to be the same as under 2.2, that is unencrypted ->
Unix/PAM and encrypted -> sam.
 
> > server -- old security = server
>                 I'd use a more specific term, like
>                 win9x stupid compatability protocol (;-))

I'll probably call it 'smb server'
 
> > domain -- old security = domain
>                 ditto

might end up as 'nt domain'
 
> > As such things *will break* after the introduction of this parameter.  I
> > won't do compatibility measures at this time, but we may need to for the
> > 3.0 release.
> >
>         The technique is not hard, just not well-known.
>         Solved problem in computer science from just
>         before Unix was written, actually (;-)).

The problem isn't with the security= stuff.  I think compatablity
measures will do fine here.  The problem is the consequential changes
for a 'server role ='.  This is harder to do in a backward compatible
manner.  Fortuenetly it is also a simpiler paramater.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list