[PATCH] Add support for using server supplied principal (mic option)

Andrew Bartlett abartlet at samba.org
Mon Aug 25 09:08:00 GMT 2008

On Mon, 2008-08-25 at 13:03 +0400, Igor Mammedov wrote:
> Love Hörnquist Åstrand wrote:
> > 25 aug 2008 kl. 02.25 skrev Jeff Layton:
> > 
> >> So that I understand correctly, what exactly is the risk of using the
> >> server-provided principal?
> > 
> > I'm not saying that you shouldn't commit the fix if you think i helps  
> > interopability, but we should fix all the components so we get a  
> > secure solution that works with msft client/server, at least some day.
> > 
> > Love
> So what we will do?
> Shall I make it disabled by default and add an option to cifs.upcall to
> enable it or we just stick to a secure behavior and forget about servers
> with several names in DNS and the only one in ADS?

I suggest forget it, until someone complains really loudly and won't
accept 'it is insecure' for an answer.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080825/c2aa8ce7/attachment.bin

More information about the samba-technical mailing list