> Peter Jenkins wrote: >> I've read this whole thread and I'm really hoping I've missed something. >> Is >> it really true that there is no equivalent to the following for in-kernel >> cifs? >> >> http://www.debuntu.org/guest-file-sharing-with-samba
Although this is also not supported by the CIFS service, this is a different topic from the foregoing discussion. The discussion that led to 6775827 was about null sessions and anonymous access. The guest-file-sharing-with-samba article is about configuring share-level access. In Share-level access passwords can be configured per share: options are a password for read-only access and a password for read-write access. Individual users are not authenticated during session setup - the session is allowed to proceed without user validation). When mapping a share, the password provided is compared against the read-only and read-write passwords on the share and, if a match is found, the appropriate access is granted to the share. If a share password has not been specified, users can access that share without a password. In the guest-file-sharing-with-samba article, access will be treated as if user nobody had mapped the share. Share-level access was used by Windows-for-Workgroups and Windows 95 because they were based on DOS, which had no multi-user semantics. The Solaris CIFS Service performs user-level authentication, in which each user must supply valid credentials in order to be granted access to shares. Share-level access was originally in the CIFS Service code but we stripped it out before putback because security is a high priority for most people these days and supporting a legacy mechanism, in which all users share a single password, seemed unnecessary. You can get close to share-level access by creating local guest accounts on Solaris and either giving everyone the passwords or not setting passwords on those accounts. Share-level access may well solve Bill's requirements as well but it is different from null sessions/anonymous access. Alan >> Not allowing this kind of thing on security grounds seems crazy ... we >> are >> talking about letting and administrator enable sharing files read only >> without a password ... like apache, tftp and nfs can do. > > You're not missing anything, it's not supported. > > An RFE has been filed - 6775827. _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
