[cifs-discuss] FW: [storage-discuss] CIFS in workgroup mode +
Afshin Salek
Afshin.Ardakani at Sun.COM
Tue Jul 8 10:24:26 PDT 2008
Vlad Tepes wrote:
>> Yes, in Worgroup mode users have to be really local
>> i.e.
>> have entry in /etc/passwd.
>
> bummer. is there any particular reason for ignoring NSS?
>
We didn't want to introduce a new CLI for managing SMB passwords
i.e. we wanted to use passwd. We couldn't store SMB passwords in
a NIS database hence /var/smb/smbpasswd. Now you can change the
password of a NIS user from any workstation which means the SMB
password for that user would only be updated on that single W/S.
We also following Windows model here. In Windows workgroup only
local users defined on a workstation are availble but NIS or LDAP
users are more like Windows domain users not local users.
LM hash and NTLM hash which are stored in /var/smb/smbpasswd are
considered weak passwords, there was some security concerns in
PSARC when we presented the case so we had to make some adjustments
to get approval. I imagine PSARC members wouldn't like the idea
of having hashed version of NIS/LDAP users stored locally on
different computers around the network.
Afshin
More information about the cifs-discuss
mailing list