svn commit: samba r6219 - in branches/SAMBA_4_0/source:
rsharpe at richardsharpe.com
Fri Apr 8 01:32:46 GMT 2005
On Fri, 8 Apr 2005, Andrew Bartlett wrote:
> > On Wed, 6 Apr 2005, Andrew Tridgell wrote:
> > > Richard,
> > >
> > > > This change allows us to fall back to authenticating without
> > > > DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
> > > > NT DCs ...
> > >
> > > Could you explain in what situation this is needed? What specific
> > > setup and set of calls is triggering this?
> > OK, we have had lots of additional discussion about this, and I have
> > concluded that the approach I took was wrong, because I made the code make
> > a policy decision about security when that should be in the hands of
> > administrators (if we even need to take that approach, that is).
> > The code should not be falling back to a less secure method of
> > authentication unless the administrator has requested that it do so.
> I think the trick is also controlling this from the right place - we
> will need that way for the admin to control it, and the infrastructure
> needs to be developed (I'm thinking using cli_credentials) to do this.
Hmmm, but it seems to me that when you call something like
dcerpc_pipe_open_pipe you need to be able to specify the minimum security
you need, and if the underlying code can't support that, it should return
an error, perhaps saying what the max security is that it can support.
However, maybe the decisions need to be in dcerpc_pipe_connect_ncacn_np
and such places ...
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
More information about the samba-technical