[Samba] secrets.tdb and IDS

Andrew Bartlett abartlet at samba.org
Sat Apr 24 03:28:00 GMT 2004


On Sat, 2004-04-24 at 07:17, Chris Pelton wrote:
> Hi All,
> 
> I'm fine-tuning my home-grown IDS system that checks md5 sums of
> important config files, and was going to put the secrets.tdb file in the 
> mix, but can't find when and where changes are made to this file. We had 
> a change this morning but nobody was logged in to either Unix or Samba, 
> that I can tell. Of course I'm not able to read it either.
> 
> This is a stand-alone samba server, v 3.0.0, running on Solaris 9.

Every time an smbd fork()s, it writes a new random seed into
secrets.tdb.  This is to avoid the nasty case where all child smbds could
be using the same random seed, and therefore produce the same random
challenge in the authentication system.

Even network browsing, or browse list synchronisation (a common
periodic, anonymous task on netbios networks) will cause it.

Now, looking at the code, on any sane system we use /dev/urandom for
this anyway, so in fact we could remove that, keep secrets.tdb (more)
stable, and avoid an atomic write/change on the tdb for every fork()...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
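As an added illustration (not code from this thread or from Samba) of how a checksum-based IDS like the one described above can keep watching secrets.tdb without alerting on every smbd fork(): ordinary config files are still hashed by content, but secrets.tdb is compared only on owner, group and mode, which should never change. The paths and file contents are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile

def md5_of(path):
    """Content hash, as the poster's home-grown IDS computes it."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def fingerprint(path, policy):
    """'content' -> hash the bytes; 'metadata' -> owner, group and mode only.
    secrets.tdb gets 'metadata': its bytes change on every fork() (new seed)."""
    st = os.lstat(path)
    fp = {"uid": st.st_uid, "gid": st.st_gid, "mode": oct(stat.S_IMODE(st.st_mode))}
    if policy == "content":
        fp["md5"] = md5_of(path)
    return fp

def snapshot(policy):
    return {p: fingerprint(p, kind) for p, kind in policy.items()}

def compare(baseline, current):
    """Return (path, what-changed) pairs for each watched attribute that differs."""
    alerts = []
    for path, old in baseline.items():
        new = current[path]
        alerts += [(path, f"{k}: {old[k]} -> {new[k]}") for k in old if old[k] != new[k]]
    return alerts

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: the tdb churns (as after a fork), then smb.conf is
    edited and the tdb's mode is loosened to 0644; only the latter two alert."""
    d = tempfile.mkdtemp()
    conf, tdb = os.path.join(d, "smb.conf"), os.path.join(d, "secrets.tdb")
    write(conf, b"[global]\nworkgroup = EXAMPLE\n")
    write(tdb, b"random-seed-0001")
    os.chmod(tdb, 0o600)
    policy = {conf: "content", tdb: "metadata"}
    base = snapshot(policy)
    write(tdb, b"random-seed-0002")               # seed rewritten: no alert
    churn_only = compare(base, snapshot(policy))
    write(conf, b"[global]\nworkgroup = EXAMPLE\nguest ok = yes\n")
    os.chmod(tdb, 0o644)                          # this should alert
    return churn_only, compare(base, snapshot(policy))
```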