smbd/reply.c 2.2.8a test local workgroup patch
Matthew Moffitt
moffitt.10 at sociology.osu.edu
Fri Jun 20 20:00:56 GMT 2003
>> diff smbd/reply.c smbd/reply.c.orig:
>>
>> 981,982d980
>> < !check_domain_security(orig_user, lp_workgroup(), user, smb_apasswd,
>> < smb_apasslen, smb_ntpasswd, smb_ntpasslen, &ptok) &&
>> 985d982
>> <
>
>Ummm, what does this give you that having the user specify the domain they
>want to log onto and trusted domains doesnt.
>
>It is also a security problem, ISTM.
The point of the patch is that users don't have to specify the domain so the server will authenticate them to the domain it represents as it does in security=server mode. This was a hangup for us, having to educate users about the domain, that kept us from switching to security=domain authentication earlier.
Moreover we like the process to be as transparent as possible rather than teaching users about the (IMHO silly) windows 'domain' concept.
I'm not sure what security problem you see but I'm certainly interested to know why you think this is the case.
-Matt
More information about the samba-technical
mailing list