More than one password server? (PR#1609)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Sun Nov 9 13:12:46 GMT 1997
On Sun, 9 Nov 1997, Andrew Tridgell wrote:
> > right. the reason is because the loop in server_cryptkey() is checking
> > for a "valid password server", not a "valid password server and also
> > checking the password".
> >
> > so, some more mods are needed. namely, to combine the server_cryptkey()
> > and server_validate() functionality in some simple way.
>
> Not possible I'm afraid!
>
> The server cryptkey will be different for each password server. The client
> uses it to encrypt the password. The resulting 24 byte hashed password
> is only any use to the server that generated the cryptkey.
>
> It is split into two functions because one of the functions has to be
> called before the client sends the password, and one after.
i've been looking at this code a little more closely - you're absolutely
right, andrew.
so, there are two possible solutions to the original problem (having two
password servers which don't have a trust relationship)
1) set up a trust relationship
2) use the include mechanism and NIS netgroups, to sub-divide the users.
this will need further exploration.
lukes
<a href="mailto:lkcl at switchboard.net" > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba Consultancy and Support </a>
More information about the samba
mailing list