On 11/20/08 18:34, MC wrote:
>> If you truly believe this is a valuable mode of operation, please
>> feel free to submit an ARC case.
>
> That is not a reasonable request. I'm not sure you are in touch
> with users and potential users. I'm hardcore enough to read this
> obscure forum, and even hardcore enough to know what you mean
> when you say ARC, but I'm not hardcore enough to know how or why
> I should introduce myself into your development system just to
> request a one sentence feature.

I suspect Bill is intimately familiar with the process.

> So given that I am so experienced
> yet am so far detached from your request, how do you know you
> aren't missing a larger number of people who are even further
> detached from this thread on this little forum?

The process would be to submit a request for enhancement (RFE) change request (CR). As this change would affect an external interface and would have a security impact, it would have to be submitted to the architectural review committee (ARC) for approval.

> Theoretical situation: I run an internet cafe with freely accessible
> internet access and a cifs share with some read-only files.
> Why can't I use solaris as my server? Because solaris doesn't
> let me do that.

I am absolutely certain that Solaris will not stop you sharing read-only files over a CIFS share just because you run an Internet cafe. I think that might be considered discrimination.

> I'm not filing the request because I'm not invested
> enough in solaris because it doesn't do what I need.

If you have no interest in filing an RFE, it seems the discussion is moot.

> "File an ARC case" LOL. I don't think you're serious when you
> tell a user to do that.

I think I said that such a request would have to be presented to the ARC, and that I suspected the ARC would need more justification than: someone found it inconvenient/too hard/painful to configure systems on their home network for user authentication. It might be a pain but that's not the point.

If such a case was presented, I suspect the ARC would probably focus on the security issues and whoever was presenting it would have to provide sufficient assurance that it would not present a security risk. The fact that the request came from someone who wants to use it on a home network is not relevant. The wider implications of null sessions and anonymous access need to be considered.

For example, I believe that null sessions were disabled on Windows 2000 but were re-enabled on Windows XP and Windows Server 2003 after AnonymousLogon was removed from Everyone and an EveryoneIncludesAnonymous registry value was added, which is also disabled by default. On Windows 2000, RestrictAnonymous disallowed null sessions by default. On Windows XP and Windows Server 2003, RestrictAnonymous controls whether or not AnonymousLogon can enumerate SAM accounts and shares, and EveryoneIncludesAnonymous is used to avoid unanticipated access to files via the Everyone group.

That's just one example of the wider ramifications of changing the authentication policy. There are ripple effects and I think the ARC would want reassured that security had been considered from a range of perspectives and that everyone felt suitably comfortable that it would not present an unacceptable risk.

> I think the decision is made and you're just saying "no".

I think I'm ambivalent on supporting null sessions and that a decision would be the outcome of the review process. Perhaps we can agree to disagree on what I'm saying.

Alan
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
