[PATCH] Add support for using server supplied principal (mic
option)
Andrew Bartlett
abartlet at samba.org
Mon Aug 25 09:08:00 GMT 2008
On Mon, 2008-08-25 at 13:03 +0400, Igor Mammedov wrote:
> Love Hörnquist Åstrand wrote:
> > 25 aug 2008 kl. 02.25 skrev Jeff Layton:
> >
> >> So that I understand correctly, what exactly is the risk of using the
> >> server-provided principal?
> >
> > I'm not saying that you shouldn't commit the fix if you think i helps
> > interopability, but we should fix all the components so we get a
> > secure solution that works with msft client/server, at least some day.
> >
> > Love
>
> So what we will do?
> Shall I make it disabled by default and add an option to cifs.upcall to
> enable it or we just stick to a secure behavior and forget about servers
> with several names in DNS and the only one in ADS?
I suggest forget it, until someone complains really loudly and won't
accept 'it is insecure' for an answer.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080825/c2aa8ce7/attachment.bin
More information about the samba-technical
mailing list