Opportunities for Samba4 based CIFS proxies
Love
lha at kth.se
Wed Nov 2 17:41:08 GMT 2005
Andrew Bartlett <abartlet at samba.org> writes:
> With the work I now have in the Samba4 tree, we can now operate as a
> CIFS proxy, potentially modifying the data stream in the process. We do
> so with the administrators permission (based on kerberos delegation),
> but it does open up an interesting area of research for somebody wanting
> to construct:
>
> - CIFS virus scanner
> - CIFS accelerator
> - CIFS aggregation server
And even better, the store-afs-keyfile-in-ldb hack can go away,
assuming Heimdal and libkafs (or libkrbafs), and be replaced with:
if (delegated_credential && k_hasafs()) {
char cell[64];
k_afs_cell_of_file(homedir, cell, sizeof(cell));
krb5_init_context(&context);
krb5_afslog(context, delegated_credential, cell, NULL);
krb5_destroy_context(context);
}
The good thing about doing it this way is that you don't give
away your whole afs-site when your samba problems have security
problems, just the users that logged in to the samba gateway.
Nice work,
Love
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20051102/d71fb628/attachment.bin
More information about the samba-technical
mailing list