diff options
| author | Alexander Bokovoy <ab@samba.org> | 2003-04-06 13:07:44 +0000 |
|---|---|---|
| committer | Alexander Bokovoy <ab@samba.org> | 2003-04-06 13:07:44 +0000 |
| commit | 9496f1e2063eb0b93142bfaf86979b21bf8b56e6 (patch) | |
| tree | 92fbf612a79f79adb14fca2405a68308fea3ead1 /docs/docbook/smbdotconf/security/username.xml | |
| parent | c5ab17567cf6681f567b73ba8ed0653fbb64f453 (diff) | |
| download | samba-9496f1e2063eb0b93142bfaf86979b21bf8b56e6.tar.gz samba-9496f1e2063eb0b93142bfaf86979b21bf8b56e6.tar.bz2 samba-9496f1e2063eb0b93142bfaf86979b21bf8b56e6.zip | |
Convert 'Security' section of smb.conf to new format
(This used to be commit 85eadec0838bdcb5604d5cf66b204ee610e2ad7a)
Diffstat (limited to 'docs/docbook/smbdotconf/security/username.xml')
| -rw-r--r-- | docs/docbook/smbdotconf/security/username.xml | 124 |
1 files changed, 63 insertions, 61 deletions
diff --git a/docs/docbook/smbdotconf/security/username.xml b/docs/docbook/smbdotconf/security/username.xml index 779f24170b..f1aa2fe1f8 100644 --- a/docs/docbook/smbdotconf/security/username.xml +++ b/docs/docbook/smbdotconf/security/username.xml @@ -1,62 +1,64 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAME"/>username (S)</term> - <listitem><para>Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).</para> - - <para>The <parameter moreinfo="none">username</parameter> line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.</para> - - <para>The <parameter moreinfo="none">username</parameter> line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - <parameter moreinfo="none">username</parameter> line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.</para> - - <para>Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.</para> - - <para>To restrict a service to a particular set of users you - can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users - </parameter></link> parameter.</para> - - <para>If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.</para> +<samba:parameter name="username" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be tested against + each username in turn (left to right).</para> + + <para>The <parameter moreinfo="none">username</parameter> line is needed only when + the PC is unable to supply its own username. This is the case + for the COREPLUS protocol or where your users have different WfWg + usernames to UNIX usernames. In both these cases you may also be + better using the \\server\share%user syntax instead.</para> + + <para>The <parameter moreinfo="none">username</parameter> line is not a great + solution in many cases as it means Samba will try to validate + the supplied password against each of the usernames in the + <parameter moreinfo="none">username</parameter> line in turn. This is slow and + a bad idea for lots of users in case of duplicate passwords. + You may get timeouts or security breaches using this parameter + unwisely.</para> + + <para>Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just offers hints + to the Samba server as to what usernames might correspond to the + supplied password. Users can login as whoever they please and + they will be able to do no more damage than if they started a + telnet session. The daemon runs as the user that they log in as, + so they cannot do anything that user cannot do.</para> + + <para>To restrict a service to a particular set of users you + can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users + </parameter></link> parameter.</para> + + <para>If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if Samba + is compiled with netgroup support), followed by a lookup in + the UNIX groups database and will expand to a list of all users + in the group of that name.</para> - <para>If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.</para> - - <para>If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.</para> - - <para>Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.</para> - - <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</link> for more information on how - this parameter determines access to the services.</para> - - <para>Default: <command moreinfo="none">The guest account if a guest service, - else <empty string>.</command></para> - - <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane, - @users, @pcgroup</command></para> - </listitem> - </samba:parameter> + <para>If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and will + expand to a list of all users in the group of that name.</para> + + <para>If any of the usernames begin with a '&' then the name + will be looked up only in the NIS netgroups database (if Samba + is compiled with netgroup support) and will expand to a list + of all users in the netgroup group of that name.</para> + + <para>Note that searching though a groups database can take + quite some time, and some clients may time out during the + search.</para> + + <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT + USERNAME/PASSWORD VALIDATION</link> for more information on how + this parameter determines access to the services.</para> + + <para>Default: <command moreinfo="none">The guest account if a guest service, + else <empty string>.</command></para> + + <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane, + @users, @pcgroup</command></para> +</listitem> +</samba:parameter> |