[Samba] Impending Removal of --with-ssl
Nathan Lutchansky
lutchann at litech.org
Sat May 4 20:25:01 GMT 2002
On Fri, May 03, 2002 at 07:56:43AM -0700, abartlet at samba.org wrote:
>
> --with-ssl allows Samba to tunnel SMB inside an SSL connection. Unfortunetly
> there are only 2 clients: smbclient and sharity. Windows clients simply
> don't know how to use SSL.
Two things:
1) Can we assume that Microsoft will never include SSL functionality in
their Windows clients? Does MS have some other method of providing
transport security instead? If the answers are "yes" and "yes", then
I'd say it is safe to remove. Otherwise it might feel silly to add SSL
back when some XP service pack adds SSL functionality later on.
2) I'd started a project to authenticate users SMB clients based on client
SSL certificates. If --with-ssl is removed, SSL authentication can
still be done with wrappers and LIBSMB_PROG, but the server wrapper
would somehow need to pass authentication information to Samba. The
easiest way is to setreuid to the target user before execing smbd, but
can smbd handle this? What happens if smbd is started (without -D) as
some user other than root? -Nathan
--
+-------------------+---------------------+------------------------+
| Nathan Lutchansky | lutchann at litech.org | Lithium Technologies |
+------------------------------------------------------------------+
| I dread success. To have succeeded is to have finished one's |
| business on earth... I like a state of continual becoming, |
| with a goal in front and not behind. - George Bernard Shaw |
+------------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020504/1c7788c9/attachment.bin
More information about the samba-technical
mailing list