Opportunities for Samba4 based CIFS proxies
Matt Benjamin
matt at linuxbox.com
Wed Nov 2 22:14:05 GMT 2005
Love,
Which Windows client combinations could take advantage of this (assuming
that's relevant)?
Matt
Love wrote:
>Andrew Bartlett <abartlet at samba.org> writes:
>
>
>
>>With the work I now have in the Samba4 tree, we can now operate as a
>>CIFS proxy, potentially modifying the data stream in the process. We do
>>so with the administrators permission (based on kerberos delegation),
>>but it does open up an interesting area of research for somebody wanting
>>to construct:
>>
>> - CIFS virus scanner
>> - CIFS accelerator
>> - CIFS aggregation server
>>
>>
>
>And even better, the store-afs-keyfile-in-ldb hack can go away,
>assuming Heimdal and libkafs (or libkrbafs), and be replaced with:
>
>if (delegated_credential && k_hasafs()) {
> char cell[64];
> k_afs_cell_of_file(homedir, cell, sizeof(cell));
> krb5_init_context(&context);
> krb5_afslog(context, delegated_credential, cell, NULL);
> krb5_destroy_context(context);
>}
>
>The good thing about doing it this way is that you don't give
>away your whole afs-site when your samba problems have security
>problems, just the users that logged in to the samba gateway.
>
>Nice work,
>Love
>
>
>
More information about the samba-technical
mailing list