[Samba] Re: security=share, who needs it ?

Gerald (Jerry) Carter jerry at samba.org
Fri Mar 17 17:53:04 GMT 2006

Hash: SHA1

Craig White wrote:

> I can only think of one reason...I ran into that last night on
> Fedora-list at redhat.com
> User was connecting an old DOS client system to samba and had to use
> 'security = share'

Hey Craig,

I'd have to see some evidence here.  My experience is that the
DOS Network client (even the basic redirector) works with
user mode security.  I'm not aware of a modern (still in use)
client that doesn't support user mode security at all.

> of course, he was confused why the users homes directory 
> didn't work ;-)

Yup.  That one of the main justifications from moving people off
of security = share.  It's just too easy for people to misconfigure.

> So I agree with you that the issue of 'security = share' isn't the
> problem itself, it's the lack of understanding what the real nature of
> the configuration represents and how it essentially obviates large
> amounts of the other samba configuration details.

I doubt we will remove share mode security in the hear future.
We probably will try to get people off of it though.  User mode
security has been the default for about 7 years or so now.
At some point we might do a propoer security = share implementation.
But that might cause just as many problems to existing systems
as removing the authentication model altogether.

cheers, jerry
I live in a Reply-to-All world.               -----------------------
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list