On Thu, 2003-03-27 at 23:45, Kevin wrote: > On Thu, 27 Mar 2003 07:11:55 +0000, Andrew wrote: > > >While 'hacks' might be possible, shares are authenticated seperatly to the > >domain logon, and there is no linkage apart from the fact that the domain > >logon sets up the default username/pw pair. > > > >Fundementally, any restriction imposed by logon script/.pol files can be > >avoided - you must never trust the client to actually follow their directions... > > > > Thanks Andrew. Point taken. Where would you go for more info on this sort of > security? In particular I'm trying to avoid unauthorised notebooks etc. > connecting to the network and then disappearing off home with sensitive data > from the server on their drives.
Really, the best you can do is per-user passwords, strong passwords, correctly set permissions, and policies (human policies, not computer ones :-). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
