Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Buchan Milne (bgmilnecae.co.za)
Date: Tue Dec 18 2001 - 03:38:40 CST
Tzafrir Cohen wrote:
> On 12 Dec 2001, Bill Kenworthy wrote:
>>I like this one - setup MySQL etc to go through the normal system
>>pam/password setup. This fixes the problem for newbies AND in most
>>cases for the experianced as well with no effort on their part. For
>>what I think is actually a relatively small group who "wanna do their
>>own thing", that would still be available to them as they would normally
>>be "getting in there" and changing things anyway. Another benefit is
>>only one password system to administer - go for it. And Samba would
>>benefit from a default set up like this as well, if it is not the
>>I know Samba can be set up this way, but can MySQL?
> Samba can be tweaked to work this way.
Samba now actually ships with encrypted passwords set by default in the
Mandrake RPMs. Windows encrypts (well, one-way-hashes) the password on
the wire (whereas unix typically has the password in the clear, unless
using symmetric encryption like ssl or ssh), so there is no way to use
samba/windows encrypted passwords and authenticate from anything which
does not store encrypted samba passwords (thus either samba's smbpasswd
file or a windows domain controller). In all serious implementations of
samba, encryption is required (specifically when using windows NT 4 or
later in a domain), and in home use, you would have to reg hack all the
To join a windows 2k or later machine to a samba domain, root has to
have an (encrypted) smbpasswd.
We actually do all our password authentication off samba, using windows
natively for the desktops, or pam_smb for pam enabled services on the
linux desktops/servers, and smb_auth for our proxy. The next step is to
get samba storing it's passwords in LDAP rather than the smbpasswd file,
which will be available in 2.2.3 and 3.0.0, both of which are nearing
-- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za
For help, email discuss-helpmandrakesecure.net; to unsubscribe send a message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure, go to http://www.mandrakesecure.net/.