request to remove security=share

Christopher R. Hertel crh at
Wed Mar 15 00:57:30 GMT 2006

Andrew Bartlett wrote:
> On Tue, 2006-03-14 at 17:18 -0600, Steven French wrote:
>>>but it is so trivial to support
>>Perhaps one case in which it is nicer to be working on the "client"
>>side :)
>>The client is easy  ... as it is still is NTLM (would be fun to allow
>>NTLMv2), just skip session setup and stick the encrypted challenge in
>>the tconx

That is the way real share-mode works.  In the old days, it was the
plaintext password that was returned in the tconx.  Now it's the response
(the encryption of the challenge).

> The problem is the username arguments in the hash calculation.
> Otherwise, this would sort of almost work (due to the way this is
> plumbed)

That's why Volker proposed the "share write user" and "share read user"
options.  It ties the share to a password (or a pair or password) using
the existing user lookup mechanisms which already work.  It also bypasses
all of the cruft of trying to "guess" a username so that a password can be
found.  Finally, it forces one single password per access option
(read/write) rather than going through a list of possibilities as we do
now.  That makes the whole thing much more consistent (and simpler).

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list