[Samba] login scripts do not run

Denis Vlasenko vda at port.imtp.ilyichevsk.odessa.ua
Fri Sep 24 21:32:23 GMT 2004


On Friday 24 September 2004 00:21, rruegner wrote:
> Hi Denis, this is nonsens , if a user wants to break your security he 
> will do it anyway, win auth is easy enough to be breaked by any user
> also in native win setups.

I have first-hand practical experience in that ;)

> If you want be secure use no windows,  i gave advice for the netlogon 
> problem and wanted help out with the prog cpau which is very usefull
> as it can crypt admin account and pass, i dont want to be struggeled in 
> security.

As to original question, timekeeping problem can be nicely solved
by either native Windows Simple NTP (I deployed one on the job),
or by NTP. Last I checked their code was supporting dozens of platforms,
including Win. Which is a pity, code got rather ugly...

> Cpau is enough crypto to ban a normal user for seeing admin users and 
> his pass ( which must be cool enough ),

Of course you can use unsafe methods. It's not a crime.
Just don't pretend that this is a Right Thing to do.

> but after all having enough time you will brake any security.

Yes. How many trillion years do you need to break AES?

> Security is a concept not relate to just one thing,
> i.e. if the user can boot the computer from a floopy or a cd he will 
> find out the local admin account in seconds having the right tools,
> so dont feed me with your paranoia stuff

Shall I start to use telnet instead of ssh because of this? No.

I think that the fact that one has some unsafe net
cannot be used as an excuse to deploying some additional tools
which are unsafe too. Move to more secure setup. You can do it at
whatever slow pace you want if you have other priorities, but do not
go backward.

> Also any network sniffer and varias other tools may brake in security
> anyway i.e man in the middle etc), but this is another discussion.
> If you dont like this nice little tool, just let it go and wait for 
> wonder until windows get secure in the matter nix systems are
--
vda



More information about the samba mailing list