[Samba] Winbind, cached logons and 'user persistency'...
Marco Gaiarin
gaio at sv.lnf.it
Fri Jan 25 15:32:56 UTC 2019
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
I come back in this thread, sorry.
> Maybe https://wiki.debian.org/LDAP/NSS is a better solution for the mailserver.
Probably better use directly LDAP info with native MTA tools also,
skipping NSS at all.
> But personaly, the mail server should have replied with a better NDR.
> Like : 4.4.1 The recipient’s server is not responding, so something like that.
Again... it is my configuration that reply generically; this is
intended to prevent dictionary attack against the SMTP server.
About 'winbind cache time' (default 5 minutes) seems effectively the
parameter to tackle with, but still a thing does not seems clear to me:
if i enable 'offline logons', i can have cached credentials.
But how does it make sense to have cached credential if there's no
cached user data (NSS)?
Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' one
(seems to me)?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list