CVS update: samba/source/auth

Andrew Bartlett abartlet at
Tue Jul 1 03:02:39 GMT 2003

On Tue, 2003-07-01 at 06:45, jerry at wrote:
> Date:	Mon Jun 30 20:45:13 2003
> Author:	jerry
> Update of /data/cvs/samba/source/auth
> In directory
> Modified Files:
>       Tag: SAMBA_3_0
> 	auth_domain.c auth_util.c 
> Log Message:

> * Get_Pwnam() should always fall back to the username (minus domain name)
>   even if it is not our workgroup so that TRUSTEDOMAIN\user can logon
>   if 'user' exists in the local list of accounts (on domain members w/o
>   winbind)

Is this secure?  It certainly looks like it matches 2.2 - so it
certainly has to stay like that for the defaults, but this means there
are now 2 different access systems for the same account.  

When we get the rest of this mess sorted out, we might want to look at
some parameter to control this, and what domains to allow to map to
unqualified names.  (This would work well with 'winbind use default
domain' too, where the 'default domain' might not be the domain we

Anyway, thanks for catching this one - I'm amazed how much 3.0 has
evolved since 2.2, which has certainly changed a few too many 'expected

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list