Opportunities for Samba4 based CIFS proxies

Matt Benjamin matt at linuxbox.com
Wed Nov 2 22:14:05 GMT 2005


Which Windows client combinations could take advantage of this (assuming 
that's relevant)?


Love wrote:

>Andrew Bartlett <abartlet at samba.org> writes:
>>With the work I now have in the Samba4 tree, we can now operate as a
>>CIFS proxy, potentially modifying the data stream in the process.  We do
>>so with the administrators permission (based on kerberos delegation),
>>but it does open up an interesting area of research for somebody wanting
>>to construct:
>> - CIFS virus scanner
>> - CIFS accelerator
>> - CIFS aggregation server
>And even better, the store-afs-keyfile-in-ldb hack can go away,
>assuming Heimdal and libkafs (or libkrbafs), and be replaced with:
>if (delegated_credential && k_hasafs()) {
>   char cell[64];
>   k_afs_cell_of_file(homedir, cell, sizeof(cell));
>   krb5_init_context(&context);
>   krb5_afslog(context, delegated_credential, cell, NULL);
>   krb5_destroy_context(context);
>The good thing about doing it this way is that you don't give
>away your whole afs-site when your samba problems have security
>problems, just the users that logged in to the samba gateway.
>Nice work,

More information about the samba-technical mailing list