On Tuesday 09 October 2007 11:23:56 G T Smith wrote: > Anders Johansson wrote: > > On Monday 08 October 2007 10:54:41 G T Smith wrote: > >> Anders Johansson wrote: > >>> On Sunday 07 October 2007 14:23:50 G T Smith wrote: > >>>> Unfortunately if you can disconnect a resource, you can also reconnect > >>>> something else at the same point, and that could be a security issue. > >>>> If the location is taken it makes it more difficult (but not > >>>> impossible) to hijack. > >>> > >>> No you can't, because linux will only allow you to mount things as a > >>> user when permission is explicitly given in fstab. Which means the > >>> worst they could do is remount the same resource > >>> > >>> If you think this is wrong, please give a concrete example of how it > >>> could be done > > > > <snip something about home directories on samba shares> > > > > Obviously your scenario is just wrong. > > I think you need to do a little research into both AD and NDS and some > Network Operating System concepts.... You are thinking server and > machine centric not network centric... e.g. NT user accounts are > frequently dynamically created on the local machine on login and the > account removed on logout, accounts and their settings exist on the > network NOT the machine (I am unaware of anything similar on *NIX). The > approach has its problems but works well enough...
Been there, done that, used automount, which is capable of using dynamic share names, worked perfectly - no need to create home directories on each machine, no need for local root access -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
