Depricate auth parameters in 3.6, remove in master?

yaberger at ca.ibm.com yaberger at ca.ibm.com
Tue Feb 8 09:38:05 MST 2011 

Hi Andrew,

Regarding this post on samba-technical mailing list
http://lists.samba.org/archive/samba-technical/2011-January/076053.html

We are still using these two settings on different SMB services:
security = share
encrypt passwords = no

For "security = share", it's a public SMB service that provides read-only 
or write-only access.
No id/password need to be provided but this would not be the case with 
"security = user" from my understanding.
Is it possible to provide the same kind of SMB service without security = 
share?

As for "encrypt password = no", well... we have plans to get rid of it but 
we currently rely on PAM authentication (which needs to be clear text) and 
DCE behind PAM for authentication/authorization.
We're still many months away from replacing DCE by a LDAP/KRB solution.

The current discussion regarding the release of Samba 4.0 and the future 
of Samba 3.x is also getting my attention.
As I would enjoy to see the release of Samba 4.0 and understand that the 
focus should be toward this one , I'm hoping that Samba 3.x last release 
to remain in maintenance mode / security fixes only for a longer period.

Current status is:
Samba 3.0 - discontinued
Samba 3.2 - discontinued
Samba 3.3 - security fixes only
Samba 3.4 - maintenance mode
Samba 3.5 - current series
Samba 3.6 - upcoming release series 

Once 3.6 is released, I'm expecting to see:
Samba 3.3 - discontinued
Samba 3.4 - security fixes only
Samba 3.5 - maintenance mode
Samba 3.6 - current series


But after that, depending on the release planning and schedule, it could 
become a problem for us.
Lets just imagine that 4.0 could be released on January 2012 and 3.6 is 
the last 3.x release.
With a 9 months release schedule, 4.2 could be out in mid 2013.

Samba statement of maintenance would looks like:
Samba 3.6 - discontinued
Samba 4.0 - security fixes only
Samba 4.1 - maintenance mode
Samba 4.2 - current series

Will we have removed our dependency on these two settings in mid 2013?
I hope... But it's possible we'll not have completed our transition.




Best regards,

Yannick Bergeron
yaberger at ca.ibm.com
IT Specialist
AIX / Samba / Load Balancer / DCE/DFS / SCM / Apache / Security / Perl 
scripting / etc.

More information about the samba-technical mailing list