SAMBA4 on the Raspberry Pi
abartlet at samba.org
Thu Oct 25 15:10:26 MDT 2012
On Thu, 2012-10-25 at 14:55 +0200, steve wrote:
> 'I don't
> care, no one has the root password so I sleep easy'.
I'll single this out as NOT the answer. The sam.ldb database (and
secrets.ldb for that matter) contain secret data that if exposed to an
attacker, allow for a total compromise of the network and everything
that trusts it.
The security of this machine is critical, and as it is trivial to bypass
the root password of a machine under physical control, all reasonable
steps need to be taken to ensure that doesn't happen.
Naturally, the factor applied from there then comes down to how much the
network matters - a home network running AD for testing is different to
an air-gapped student network and is again different to a publicly
listed company or a bank.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical