request to remove security=share

Gerald (Jerry) Carter jerry at samba.org
Sun Mar 12 23:09:18 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tridge at samba.org wrote:

> I think this would be good. It would give us "proper" share level
> security, where the password is associated with the share.
> 
> I'm not as keen on the "map to user level" solutions, partly because
> they can give misleading error messages. The windows net tool says
> things like "please enter password for XXX at YYY" which makes sense
> for user level security, but doesn't make sense for pseudo-share level
> security where the server is really ignoring the username.

Tridge,

Have you ever run across production uses of security = share
for something other than guest access?  We can do a seamless
guest server with 'map to guest' that works flawlessly.  If
configuring a public server if the only reason to continue
to maintain 'security = share', I think we can work around that
with some specific documentation and proper user education.

I do agree that a proper share mode security implementation would
be nice.  But I'm not sure it's warranted in Samba these days.
Or at least I'm not sure that people really need it.  I guess that
is my real question.  I'm certainly not chomping at the bit to do
the work :-)

And finally, I doubt we can do anything sudden about this anyways.
However, we could at the verify least mark security = share as
deprecated to start moving people away from it.

I'll also run a poll on the samba ml for reactions.






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEFKoeIR7qMdg1EfYRAul/AJ41FikjgtxCq2MMhMwOfwjF4SBfuACgrBHJ
KgA9793FDmD19xv2uaLfMZw=
=Bb6n
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list