[Samba] Impending Removal of --with-ssl

Nathan Lutchansky lutchann at litech.org
Sat May 4 20:25:01 GMT 2002


On Fri, May 03, 2002 at 07:56:43AM -0700, abartlet at samba.org wrote:
> 
> --with-ssl allows Samba to tunnel SMB inside an SSL connection.  Unfortunately
> there are only 2 clients:  smbclient and sharity.  Windows clients simply
> don't know how to use SSL.

Two things:

1) Can we assume that Microsoft will never include SSL functionality in
   their Windows clients?  Does MS have some other method of providing
   transport security instead?  If the answers are "yes" and "yes", then 
   I'd say it is safe to remove.  Otherwise it might feel silly to add SSL 
   back when some XP service pack adds SSL functionality later on.

2) I'd started a project to authenticate users SMB clients based on client
   SSL certificates.  If --with-ssl is removed, SSL authentication can 
   still be done with wrappers and LIBSMB_PROG, but the server wrapper 
   would somehow need to pass authentication information to Samba.  The
   easiest way is to setreuid to the target user before execing smbd, but
   can smbd handle this?  What happens if smbd is started (without -D) as
   some user other than root?

-Nathan

-- 
+-------------------+---------------------+------------------------+
| Nathan Lutchansky | lutchann at litech.org |  Lithium Technologies  |
+------------------------------------------------------------------+
|  I dread success.  To have succeeded is to have finished one's   |
|  business on earth...  I like a state of continual becoming,     |
|  with a goal in front and not behind. - George Bernard Shaw      |
+------------------------------------------------------------------+
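
The privilege drop that point 2 describes for a server wrapper, as an added example that is not code from this post or from Samba. It assumes the wrapper passes the verified certificate subject as argv[1] in OpenSSL one-line form and that the certificate CN is the Unix user name; both conventions and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

/* Copy the first CN of a one-line subject ("/C=US/O=Ex/CN=alice") into out,
 * accepting only [a-z0-9_-] so the result is safe to look up as a user name. */
int cn_to_username(const char *subject, char *out, size_t outlen)
{
    const char *cn = strstr(subject, "/CN=");
    size_t n;
    if (cn == NULL)
        return -1;
    cn += 4;
    n = strcspn(cn, "/");
    if (n == 0 || n >= outlen ||
        strspn(cn, "abcdefghijklmnopqrstuvwxyz0123456789_-") < n)
        return -1;
    memcpy(out, cn, n);
    out[n] = '\0';
    return 0;
}

/* Permanently become `user`; -1 if unknown, uid 0, or any step fails. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid last. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setregid(pw->pw_gid, pw->pw_gid) != 0 ||
        setreuid(pw->pw_uid, pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible before anything is exec'd. */
    return (setuid(0) == 0 || getuid() != pw->pw_uid ||
            geteuid() != pw->pw_uid) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char user[33];
    /* argv[1]: verified peer subject; argv[2..]: command to run, e.g. smbd */
    if (argc < 3 || cn_to_username(argv[1], user, sizeof user) != 0 ||
        drop_to_user(user) != 0)
        return 1;
    execv(argv[2], &argv[2]);
    return 1; /* reached only if exec failed */
}
```

Whether smbd then behaves correctly when started as that non-root user is the open question in the message; the wrapper only guarantees that the process it execs cannot regain root.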