First of all, I would express all my apologies. I only intended to express some ideas or ask for any suggestions by posting this patch on the Samba mailing list. Since this is my first time doing modification, I might have done overlooked some points.
--- Andrew Bartlett <[EMAIL PROTECTED]> wrote: > Indeed, if you are working with plaintext passwords > (Win9X domain logons > will do that, if not much more...), I don't see why > you needed to modify > Samba at all... > Actually we were not working with plain-text passwords. We didnt want to use plain-text passwords. As we read some time back and that was 1 year ago that if we were to use emcrypted passwords, Samba would use smbpasswd file to match the passwords. In our case, since we wanted to use encrypted passwords and since all the accounts are maintained on Oracle database server, we didnt want to export all the user details into smbpasswd file on the local Linux Server since doing that would not keep synchronization as and when users change their passwords plus anytime any new student joins the school we would have to then manually run the script to export new usernames and passwords locally. So, to work around that we thought of bypassing the smbpasswd file lookup by Samba and get user account information from remote Oracle Server. > You open files in /tmp without regard for where they > point, you have > specifically disabled the tests that prevent the > dangerous use of > sprintf() an strcpy() and you haven't read the diff > before posting > (because you would have cleaned it up if you had). > Opening a file in /tmp location was intended only for the purpose of debugging. That was supposed to be temporary. I agree that I could have done a better work had I read more on how to clean the patch. > Any interface that allows the plaintext password out > of the oracle > server should be carefully considered - if you have > the plaintext > passwords so easily accessible, why not just write a > perl script to > export to smbpasswd? > The same reason. By exporting to smbpasswd we would have to make sure that accounts are synchronized between remote Oracle server and the local Linux Server that would run Samba Server. That was not advisable. Anytime a new account is created we would have to then export it.. So, to achieve custom authentication, we modified the PAM authentication routines to suit our needs. And to bypass the smbpasswd file lookup by Samba server and to get the challenge text used by Samba, we modified the Samba Server source code. Again, my whole intention was to share some views and ideas with the Samba mailing list just to have your suggestions and criticisms at the same time :) . Being a rookie I guess I did mistakes I agree. anyways, thanks a lot for your mail Andrew. Bikram. __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com
