[Samba] Winbind local idmap and cache database security concerns

Shawn Iverson shawn at nccsc.k12.in.us
Tue Jan 20 23:27:08 GMT 2004


I am currently working on implementing unified logons between Linux and Windows computers on an NT4 domain. I have a Samba test server with winbind working properly. All is going well, except that I am concerned about the winbind idmap database stored on the local Linux workstations. My current understanding of winbind is that it must be on every machine, unless a winbind Samba LDAP backend/pam_smb combination is used. However, with the latter, all the features that winbind supports are lost since winbind is not running on the local machine (such as changing one's password), so I currently see no other way of implementing winbind.

What will keep a user from reading /var/cache/samba/winbind_cache.tdb and winbind_idmap.tdb? I know that the owner is root and that each has the permissions 0600 (idmap had 0644, but I changed it to 0600). Despite that, isn't it easy enough for a user to crack the filesystem and gain access to these databases if he/she so wished? I am especially concerned about this because the cache and idmap contain information on what users and groups exist on the network and who belongs to what group. Is this not a potential security concern? For example, if a user gained access to these databases, they could identify all domain administrator accounts, correct?

Perhaps there is a way to implement winbind so as to not have the cache and idmaps stored locally and still retain winbind's functionality. If anyone knows how, I would be very interested.



Shawn Iverson
Technology Associate
New Castle Community School Corporation
765-593-6691
shawn at nccsc.k12.in.us
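The permission state the poster describes (root-owned, 0600) can be audited rather than assumed; the following shell function is an added example, not part of the original post or of Samba, and assumes GNU coreutils `stat` and that the cache directory (defaulting to the poster's /var/cache/samba) and the expected owner are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two winbind tdb files
# the poster names for owner and mode. Returns 0 if every file present is
# owned by the expected owner and is not readable or writable by group or
# others; prints one line per problem and returns 1 otherwise.
# Assumes GNU coreutils stat (-c %U/%a). Usage:
#   audit_winbind_tdb [DIR] [EXPECTED_OWNER]   (defaults: /var/cache/samba, root)
audit_winbind_tdb() {
    dir="${1:-/var/cache/samba}"
    expected_owner="${2:-root}"
    rc=0
    for f in "$dir/winbind_cache.tdb" "$dir/winbind_idmap.tdb"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            continue
        fi
        owner=$(stat -c %U "$f")   # owner name
        mode=$(stat -c %a "$f")    # octal mode, e.g. 600 or 644
        if [ "$owner" != "$expected_owner" ]; then
            echo "BAD OWNER $f: $owner (expected $expected_owner)"
            rc=1
        fi
        # The last two octal digits are the group and other bits; both must be 0.
        case "$mode" in
            *00) ;;
            *) echo "BAD MODE $f: $mode (group/other bits set)"; rc=1 ;;
        esac
    done
    return "$rc"
}
```

File permissions only protect the databases while the attacker lacks root and raw access to the disk; the function reports the state of the files, not whether that assumption holds on a given workstation.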
