[Samba] Proposal to remove security=share in Samba 4.0

Andrew Bartlett abartlet at samba.org
Thu Mar 1 14:44:22 MST 2012


On Thu, 2012-03-01 at 14:55 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> > After feedback from my previous proposal, I am proposing to totally
> > remove security=share from Samba 4.0.  security=share has been
> > deprecated since Samba 3.6.
> > 
> > The attached patch shows the removal (a lot of complex code is going
> > away, which I think is a very good thing).   
> > 
> > Naturally, full user-name/password authentication remain available in
> > security=user and above.
> > 
> > The rationale is that for the bulk of security=share users, we just we
> > need a very simple way to run a 'trust the network' Samba server, where
> > users mark shares as guest ok.  This is still supported, and the
> > smb.conf options are documented at
> > https://wiki.samba.org/index.php/Public_Samba_Server
> > 
> > At the same time, I want to close the door on one of the most arcane
> > areas of Samba authentication.
> > 
> > If you have any concerns about this, please let me know,
> 
> 
> Please add a tombstone like we have for NT_STATUS_NOPROBLEMO to
> SEC_SHARE :-)

I won't repost it to the list, but rest assured that a suitable memorial
will be inscribed.  :-)

> And wait a few more days for comments...

Certainly,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba-technical mailing list