Libsmbclient: smbc_init

Andrew Bartlett abartlet at samba.org
Fri Nov 7 10:42:19 GMT 2003 

On Thu, 2003-11-06 at 22:47, Simo Sorce wrote:
> On Thu, 2003-11-06 at 11:16, Sevastian Foglia wrote:
> 
> > I'm developing an application that uses libsmbclient and samba-vfs.
> > When a client connects to a share on my samba server, samba-vfs passes
> > the gathered information to a local daemon that uses smbclient to connect
> > to another samba server.  I have both workgroup and username, but I don't
> > have his password. Is there a way to authenticate to the samba server on
> > the other side with the supplied username (notice that both servers have
> > the same user database) ?
> >
> > As written in documentation I found I must initialize the samba client
> > library with smbc_init.
> > I saw in testsmbc.c that first argument of smbc_init is a function which is
> > used to get workgroup and user informations from stdin.
> > Now, my application is a daemon and I want nothing is been printed to
> > stdout and read from stdin.
> 
> Ok basically you are extending the concept of security = server to file
> operations.
> Look at the code in samba that implements security = server, you will
> have to modify the samba server code in order to keep the hashed
> password and not delete it.
> This method cannot work in a domain environemnt when you are a member
> server and not the PDC, in that case the member server will never see
> the hashed password.

The better option really is to do this with kerberos, and
proxied/impersonation tickets etc.   But it is possible to implement a
module like auth_smbserver to handle this, passing back and forth the
challenge-response values.  Note, this breaks as soon as somebody
enforces SMB signing etc.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031107/517a44b8/attachment.bin

More information about the samba-technical mailing list