diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2001-11-26 06:47:04 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2001-11-26 06:47:04 +0000 |
| commit | 4499007e45637f172c4afb0ec2e048cf795a3cbe (patch) | |
| tree | 3baebd215a4f88e90800c8811f54f916ceb2c526 /source3/auth/auth_info.c | |
| parent | a131c2cfdcd4e10d85e21bcf4b3e45b99054a96c (diff) | |
| download | samba-4499007e45637f172c4afb0ec2e048cf795a3cbe.tar.gz samba-4499007e45637f172c4afb0ec2e048cf795a3cbe.tar.bz2 samba-4499007e45637f172c4afb0ec2e048cf795a3cbe.zip | |
A number of things to clean up the auth subsytem a bit...
We now default encrypt passwords = yes
We now check plaintext passwords (however aquired) with the 'sam' backend
rather than unix, if encrypt passwords = yes.
(this kills off the 'local' backed. The sam backend may be renamed in its
place)
The new 'samstrict' wrapper backend checks that the user's domain is one of
our netbios aliases - this ensures that we don't get fallback crazies with
security = domain.
Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks
that the user was not local before contacting the DC.
The default ordering has changed, we now check the local stuff first - but
becouse of the changes above, we will really only ever contact one
auth source.
Andrew Bartlett
(This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
Diffstat (limited to 'source3/auth/auth_info.c')
| -rw-r--r-- | source3/auth/auth_info.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/source3/auth/auth_info.c b/source3/auth/auth_info.c index 8087be48f2..99648aba8d 100644 --- a/source3/auth/auth_info.c +++ b/source3/auth/auth_info.c @@ -25,9 +25,9 @@ const struct auth_init_function builtin_auth_init_functions[] = { { "guest", auth_init_guest }, { "rhosts", auth_init_rhosts }, { "hostsequiv", auth_init_hostsequiv }, - { "sam", auth_init_sam }, + { "sam", auth_init_sam }, + { "samstrict", auth_init_samstrict }, { "unix", auth_init_unix }, - { "local", auth_init_local }, { "smbserver", auth_init_smbserver }, { "ntdomain", auth_init_ntdomain }, { "winbind", auth_init_winbind }, @@ -139,23 +139,33 @@ BOOL make_auth_info_subsystem(auth_authsupplied_info **auth_info) { case SEC_DOMAIN: DEBUG(5,("Making default auth method list for security=domain\n")); - auth_method_list = lp_list_make("guest ntdomain local"); + auth_method_list = lp_list_make("guest samstrict ntdomain"); break; case SEC_SERVER: DEBUG(5,("Making default auth method list for security=server\n")); - auth_method_list = lp_list_make("guest smbserver local"); + auth_method_list = lp_list_make("guest samstrict smbserver"); break; case SEC_USER: - DEBUG(5,("Making default auth method list for security=user\n")); - auth_method_list = lp_list_make("guest local"); + if (lp_encrypted_passwords()) { + DEBUG(5,("Making default auth method list for security=user, encrypt passwords = yes\n")); + auth_method_list = lp_list_make("guest sam"); + } else { + DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); + auth_method_list = lp_list_make("guest unix"); + } break; case SEC_SHARE: - DEBUG(5,("Making default auth method list for security=share\n")); - auth_method_list = lp_list_make("guest local"); + if (lp_encrypted_passwords()) { + DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); + auth_method_list = lp_list_make("guest sam"); + } else { + DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); + auth_method_list = lp_list_make("guest unix"); + } break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); - auth_method_list = lp_list_make("guest ads ntdomain local"); + auth_method_list = lp_list_make("guest samstrict ads ntdomain"); break; default: DEBUG(5,("Unknown auth method!\n")); |