diff options
Diffstat (limited to 'docs/docbook/smbdotconf/security/hostsequiv.xml')
| -rw-r--r-- | docs/docbook/smbdotconf/security/hostsequiv.xml | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/docs/docbook/smbdotconf/security/hostsequiv.xml b/docs/docbook/smbdotconf/security/hostsequiv.xml index 084d8268ef..873053be28 100644 --- a/docs/docbook/smbdotconf/security/hostsequiv.xml +++ b/docs/docbook/smbdotconf/security/hostsequiv.xml @@ -1,26 +1,29 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term> - <listitem><para>If this global parameter is a non-null string, - it specifies the name of a file to read for the names of hosts - and users who will be allowed access without specifying a password. - </para> +<samba:parameter name="hosts equiv" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If this global parameter is a non-null string, + it specifies the name of a file to read for the names of hosts + and users who will be allowed access without specifying a password. + </para> - <para>This is not be confused with <link linkend="HOSTSALLOW"> - <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts - access to services and is more useful for guest services. <parameter moreinfo="none"> - hosts equiv</parameter> may be useful for NT clients which will - not supply passwords to Samba.</para> + <para>This is not be confused with <link linkend="HOSTSALLOW"> + <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts + access to services and is more useful for guest services. <parameter moreinfo="none"> + hosts equiv</parameter> may be useful for NT clients which will + not supply passwords to Samba.</para> - <note><para>The use of <parameter moreinfo="none">hosts equiv - </parameter> can be a major security hole. This is because you are - trusting the PC to supply the correct username. It is very easy to - get a PC to supply a false username. I recommend that the - <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really - know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you <emphasis>really</emphasis> trust - them :-).</para></note> + <note><para>The use of <parameter moreinfo="none">hosts equiv + </parameter> can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the + <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really + know what you are doing, or perhaps on a home network where you trust + your spouse and kids. And only if you <emphasis>really</emphasis> trust + them :-).</para></note> - <para>Default: <emphasis>no host equivalences</emphasis></para> - <para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para> - </listitem> - </samba:parameter> + <para>Default: <emphasis>no host equivalences</emphasis></para> + <para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para> +</listitem> +</samba:parameter> |