Samba and PAM patches for PDC configuration

Andrew Bartlett abartlet at samba.org
Sat Mar 15 04:50:26 GMT 2003


On Sat, 2003-03-15 at 13:47, Bikram wrote:
> Hello,
> 
> I wanted to share with you all this patch for Samba
> and PAM for configuring SAMBA as the PDC
> authenticating Windows 98 users.
> As a part of our project, I had worked on configuring
> Samba as the primary domain controller and customizing
> PAM authentication modules.
> 
> I had recompiled Samba version 2.2.2 and PAM version
> 0.75 installed on Redhat version 7.1.

Well, where to start...

Firstly, you would be highly advised to look at Samba HEAD - the
authentication interface provides all the hooks you need already. 

Similarly, both 2.2 and 3.0 provide a passdb interface, that allows
(with differing degrees of difficulty) a full and proper implementation
of this concept, for all client OSes.

Indeed, if you are working with plaintext passwords (Win9X domain logons
will do that, if not much more...), I don't see why you needed to modify
Samba at all...

You open files in /tmp without regard for where they point, you have
specifically disabled the tests that prevent the dangerous use of
sprintf() and strcpy() and you haven't read the diff before posting
(because you would have cleaned it up if you had).

You copy files without their copyright headers, and you add extra
includes to the files directly (I don't even know why you need them..)

Any interface that allows the plaintext password out of the oracle
server should be carefully considered - if you have the plaintext
passwords so easily accessible, why not just write a perl script to
export to smbpasswd?

I say this only to save some poor soul finding your patch in the mailing
list archive uncommented.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
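
The /tmp and sprintf()/strcpy() points raised in the reply above, shown as an added C example that is not part of the original message or of the posted patch. All function names and the /tmp/pdc-demo- prefix are hypothetical, chosen for illustration only.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Bounded formatting in place of sprintf()/strcpy(): -1 if it would not fit.
 * A negative snprintf() result casts to a huge size_t and is rejected too. */
int join_account(char *dst, size_t len, const char *domain, const char *user)
{
    return (size_t)snprintf(dst, len, "%s\\%s", domain, user) >= len ? -1 : 0;
}

/* Private scratch file: mkstemp() picks an unpredictable name and creates it
 * exclusively with mode 0600, so a pre-planted name is never reused. */
int open_scratch(char *path, size_t len)
{
    if ((size_t)snprintf(path, len, "/tmp/pdc-demo-XXXXXX") >= len)
        return -1;
    return mkstemp(path);
}

/* Fixed name: refuse anything already there (symlinks included) rather than
 * following it the way fopen(path, "w") would. */
int open_fixed(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Self-check: 1 if a symlink at the name is refused, 0 if followed, -1 on setup error. */
int symlink_is_refused(void)
{
    char target[64], link_path[80];   /* link_path has room for target + ".lnk" */
    int fd = open_scratch(target, sizeof target);
    if (fd < 0) return -1;
    close(fd);
    snprintf(link_path, sizeof link_path, "%s.lnk", target);
    if (symlink(target, link_path) != 0) { unlink(target); return -1; }
    fd = open_fixed(link_path);
    if (fd >= 0) close(fd);
    unlink(link_path);
    unlink(target);
    return fd < 0;
}

int main(void)
{
    char acct[16];
    printf("symlink refused=%d oversize rejected=%d\n", symlink_is_refused(),
           join_account(acct, sizeof acct, "EXAMPLEDOMAIN", "long-user") == -1);
    return 0;
}
```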