[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?

Konstantin Boyandin temmokan at gmail.com
Wed Jan 12 01:54:23 MST 2011


Hello Daniel,

I don't talk about Windows users.
I talk about Unix (Linux) users that have shell access to the server
where they can run smbldap-passwd.

I am afraid you answered the wrong question. I ask how to prevent users
with shell access to where smnldap-passwd is installed from viewing the
file smbldap_bind.conf.

Revoking shell access/setting smbldap-passwd as shell is out of question.

Sincerely,
Konstantin

12.01.2011 14:29, Daniel Müller пишет:
> ????
> On your windows client strg+alt+entf
> Change password.
> The users will never see this password in smbldap_bind.conf.
> 
> 
> 
> -----------------------------------------------
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> 
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Konstantin Boyandin
> Gesendet: Mittwoch, 12. Januar 2011 08:50
> An: samba at lists.samba.org
> Betreff: [Samba] smbldap-tools security: how to keep passwords in
> smbldap_bind.conf secure?
> 
> Hello,
> 
> On
> http://wiki.samba.org/index.php/4.0:_User_Management
> it is described how to set up and use smbldap-tools package. The
> question is, how to hide master passwords in such a case?
> 
> smbldap-passwd may be called by non-root; thus,
> /etc/smbldap-tools/smbldap_bind>conf
> must be world-readable, and it keeps the passwords as plain text.
> 
> How can I allow users to change their passwords with smbldap-passwd
> without compromising the security?
> 
> Thanks.
> Sincerely,
> Konstantin



More information about the samba mailing list