summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/username.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf/security/username.xml')
-rw-r--r--docs/docbook/smbdotconf/security/username.xml124
1 files changed, 63 insertions, 61 deletions
diff --git a/docs/docbook/smbdotconf/security/username.xml b/docs/docbook/smbdotconf/security/username.xml
index 779f24170b..f1aa2fe1f8 100644
--- a/docs/docbook/smbdotconf/security/username.xml
+++ b/docs/docbook/smbdotconf/security/username.xml
@@ -1,62 +1,64 @@
-<samba:parameter xmlns:samba="http://samba.org/common">
- <term><anchor id="USERNAME"/>username (S)</term>
- <listitem><para>Multiple users may be specified in a comma-delimited
- list, in which case the supplied password will be tested against
- each username in turn (left to right).</para>
-
- <para>The <parameter moreinfo="none">username</parameter> line is needed only when
- the PC is unable to supply its own username. This is the case
- for the COREPLUS protocol or where your users have different WfWg
- usernames to UNIX usernames. In both these cases you may also be
- better using the \\server\share%user syntax instead.</para>
-
- <para>The <parameter moreinfo="none">username</parameter> line is not a great
- solution in many cases as it means Samba will try to validate
- the supplied password against each of the usernames in the
- <parameter moreinfo="none">username</parameter> line in turn. This is slow and
- a bad idea for lots of users in case of duplicate passwords.
- You may get timeouts or security breaches using this parameter
- unwisely.</para>
-
- <para>Samba relies on the underlying UNIX security. This
- parameter does not restrict who can login, it just offers hints
- to the Samba server as to what usernames might correspond to the
- supplied password. Users can login as whoever they please and
- they will be able to do no more damage than if they started a
- telnet session. The daemon runs as the user that they log in as,
- so they cannot do anything that user cannot do.</para>
-
- <para>To restrict a service to a particular set of users you
- can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users
- </parameter></link> parameter.</para>
-
- <para>If any of the usernames begin with a '@' then the name
- will be looked up first in the NIS netgroups list (if Samba
- is compiled with netgroup support), followed by a lookup in
- the UNIX groups database and will expand to a list of all users
- in the group of that name.</para>
+<samba:parameter name="username"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Multiple users may be specified in a comma-delimited
+ list, in which case the supplied password will be tested against
+ each username in turn (left to right).</para>
+
+ <para>The <parameter moreinfo="none">username</parameter> line is needed only when
+ the PC is unable to supply its own username. This is the case
+ for the COREPLUS protocol or where your users have different WfWg
+ usernames to UNIX usernames. In both these cases you may also be
+ better using the \\server\share%user syntax instead.</para>
+
+ <para>The <parameter moreinfo="none">username</parameter> line is not a great
+ solution in many cases as it means Samba will try to validate
+ the supplied password against each of the usernames in the
+ <parameter moreinfo="none">username</parameter> line in turn. This is slow and
+ a bad idea for lots of users in case of duplicate passwords.
+ You may get timeouts or security breaches using this parameter
+ unwisely.</para>
+
+ <para>Samba relies on the underlying UNIX security. This
+ parameter does not restrict who can login, it just offers hints
+ to the Samba server as to what usernames might correspond to the
+ supplied password. Users can login as whoever they please and
+ they will be able to do no more damage than if they started a
+ telnet session. The daemon runs as the user that they log in as,
+ so they cannot do anything that user cannot do.</para>
+
+ <para>To restrict a service to a particular set of users you
+ can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users
+ </parameter></link> parameter.</para>
+
+ <para>If any of the usernames begin with a '@' then the name
+ will be looked up first in the NIS netgroups list (if Samba
+ is compiled with netgroup support), followed by a lookup in
+ the UNIX groups database and will expand to a list of all users
+ in the group of that name.</para>
- <para>If any of the usernames begin with a '+' then the name
- will be looked up only in the UNIX groups database and will
- expand to a list of all users in the group of that name.</para>
-
- <para>If any of the usernames begin with a '&amp;' then the name
- will be looked up only in the NIS netgroups database (if Samba
- is compiled with netgroup support) and will expand to a list
- of all users in the netgroup group of that name.</para>
-
- <para>Note that searching though a groups database can take
- quite some time, and some clients may time out during the
- search.</para>
-
- <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
- USERNAME/PASSWORD VALIDATION</link> for more information on how
- this parameter determines access to the services.</para>
-
- <para>Default: <command moreinfo="none">The guest account if a guest service,
- else &lt;empty string&gt;.</command></para>
-
- <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane,
- @users, @pcgroup</command></para>
- </listitem>
- </samba:parameter>
+ <para>If any of the usernames begin with a '+' then the name
+ will be looked up only in the UNIX groups database and will
+ expand to a list of all users in the group of that name.</para>
+
+ <para>If any of the usernames begin with a '&amp;' then the name
+ will be looked up only in the NIS netgroups database (if Samba
+ is compiled with netgroup support) and will expand to a list
+ of all users in the netgroup group of that name.</para>
+
+ <para>Note that searching though a groups database can take
+ quite some time, and some clients may time out during the
+ search.</para>
+
+ <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
+ USERNAME/PASSWORD VALIDATION</link> for more information on how
+ this parameter determines access to the services.</para>
+
+ <para>Default: <command moreinfo="none">The guest account if a guest service,
+ else &lt;empty string&gt;.</command></para>
+
+ <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane,
+ @users, @pcgroup</command></para>
+</listitem>
+</samba:parameter>