summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/hostsequiv.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf/security/hostsequiv.xml')
-rw-r--r--docs/docbook/smbdotconf/security/hostsequiv.xml26
1 files changed, 26 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/hostsequiv.xml b/docs/docbook/smbdotconf/security/hostsequiv.xml
new file mode 100644
index 0000000000..68d6d628e8
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/hostsequiv.xml
@@ -0,0 +1,26 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term>
+ <listitem><para>If this global parameter is a non-null string,
+ it specifies the name of a file to read for the names of hosts
+ and users who will be allowed access without specifying a password.
+ </para>
+
+ <para>This is not be confused with <link linkend="HOSTSALLOW">
+ <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts
+ access to services and is more useful for guest services. <parameter moreinfo="none">
+ hosts equiv</parameter> may be useful for NT clients which will
+ not supply passwords to Samba.</para>
+
+ <para><emphasis>NOTE :</emphasis> The use of <parameter moreinfo="none">hosts equiv
+ </parameter> can be a major security hole. This is because you are
+ trusting the PC to supply the correct username. It is very easy to
+ get a PC to supply a false username. I recommend that the
+ <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really
+ know what you are doing, or perhaps on a home network where you trust
+ your spouse and kids. And only if you <emphasis>really</emphasis> trust
+ them :-).</para>
+
+ <para>Default: <emphasis>no host equivalences</emphasis></para>
+ <para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para>
+ </listitem>
+ </samba:parameter>