losing connections to password server

Simo Sorce simo.sorce at xsec.it
Thu Jun 19 17:21:38 GMT 2003


On Thu, 2003-06-19 at 17:53, David Bear wrote:
> "security = server" may be a nasty hack, but it is an important
> 'feature' in an organization like my university.  We have centrally
> managed services which include user accounts. 

and you can't turn this one into a domain controller too?

> This hack lets me add
> users to samba services without having to manage accounts.  I can't
> believe that there aren't more sys admins who haven't used this
> feature.  
> 
> I am reading the info at http://ubiqx.org/cifs/SMB.html#SMB.8.8 to
> gain an understanding of the reasons for pass thru auth,  but I'd vote
> to have it improved as the problem mentioned at the start of this
> thread is biting me more and more... 

You simply cannot "improve" it, the problem is in the logic of the
protocol and it being created to not ease the mitm hack security = server
uses.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399