Removal of plaintext krb5 support.

Green, Paul Paul.Green at stratus.com
Sat Nov 17 11:43:02 GMT 2001 

We just released Samba for VOS two months ago, and to run it you must be
running the most recent version of VOS (14.4.1), which was released at the
same time.  Since most of our customers only upgrade operating systems once
per year, or less, it is going to take some time to ramp up its use.
Nonetheless, we do have several customers who already have purchased it, and
many who have said their will put it up within 12-24 months. (This must
sound like forever to most of you, but our servers run mission-critical
applications and that is the planning horizon our customers use).

I think that most of our customers will be attaching to Samba via Windows NT
or Windows 2000.  I have no idea how many will force their systems into
plain text passwords mode...we run Samba in-house in security=domain mode,
and I'm pretty sure we use encrypted passwords on the wire.

Actually, I doubt we will have much demand for supporting
plaintext-on-the-wire.

How does the plaintext issue interact with the PAM issue?  I think I'm
lacking some piece of information here. I thought the purpose of PAM was to
hide the details of the authentication algorithm(s)...

Thanks
PG
--
Paul Green, Senior Technical Consultant, Stratus Computer, Inc.
Voice: +1 978-461-7557; FAX: +1 978-461-3610; Video on request.


-----Original Message-----
From: Mayers, Philip J [mailto:p.mayers at ic.ac.uk]
Sent: Saturday, November 17, 2001 2:01 PM
To: 'Green, Paul '; ''samba-technical at lists.samba.org' '
Cc: ''lukeh at padl.com' '
Subject: RE: Removal of plaintext krb5 support.


PAM and it's modules can be compiled statically, IIRC.

Out of interest, are there many users of plaintext passwords and Samba on
Stratus?

Cheers,
Phil

-----Original Message-----
From: Green, Paul
To: 'samba-technical at lists.samba.org'
Cc: 'lukeh at padl.com'
Sent: 15/11/2001 19:42
Subject: Re: Removal of plaintext krb5 support.

Luke Howard <lukeh at PADL.COM> wrote, on Tue, 13 Nov 2001 12:33:55 +1100

> >Keeping in mind, as A.B. pointed out, that not all of the supported 
> >platforms can run PAM.
> >
> >What work-around exists for non-PAM systems?
>
> You can always compile Linux-PAM on those systems. Granted, that's
> not as easy as it sounds, but certainly it's easier than it used
> to be now that autoconf is supported.

I maintain the port of Samba for the Stratus VOS system, which is a
POSIX-but-not-Unix operating system. I can port and run a whole lot of
open
source / free software that is POSIX-1996 compliant and that follows the
GNU
autoconf/configure model (I even run the native configure script these
days).  But we currently have nothing like PAM support and no plans to
add
it.  We don't have dynamic link libraries or dynamically loadable code,
either.  (None of these things are in POSIX-1996).  Having Samba require
PAM
support would create a real headache for me.  Please don't assume that
we
are all running Unix systems.

I do agree with your point about autoconf. I think it is truly
marvelous.

Thanks
PG
--
Paul Green, Senior Technical Consultant, Stratus Technologies.
Voice: +1 978-461-7557; FAX: +1 978-461-3610; Video on request.

More information about the samba-technical mailing list