CVS update: samba/source/auth

Gerald (Jerry) Carter jerry at samba.org
Tue Jul 1 04:16:56 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 1 Jul 2003, Andrew Bartlett wrote:

> > * Get_Pwnam() should always fall back to the username (minus domain name)
> >   even if it is not our workgroup so that TRUSTEDOMAIN\user can logon
> >   if 'user' exists in the local list of accounts (on domain members w/o
> >   winbind)
> 
> Is this secure?  It certainly looks like it matches 2.2 - so it
> certainly has to stay like that for the defaults, but this means there
> are now 2 different access systems for the same account.  

This follows the philosophy we used for years and ones that many 
installations depend on.  Remember that the user has been successfully 
authenticated by the DC.  And remember that the real solution is to use
winbindd for dmain mode security.  So this is probably ok.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/AQs4IR7qMdg1EfYRAiGsAKDKHGbbAOxYjYV6PgpHH9u1aI/j2wCfQD9W
ELx8gyXWdiV82qiM7Hsl/80=
=J9UL
-----END PGP SIGNATURE-----




More information about the samba-technical mailing list