summaryrefslogtreecommitdiff
path: root/libds/common/roles.h
AgeCommit message (Collapse)AuthorFilesLines
2012-05-15s3-auth: remove "security=server" (depricated since 3.6)Stefan Metzmacher1-2/+17
"security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" is you authentication against remote servers (domain controllers). metze -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SERVER | | security=server | | | | | | 12 May | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-2/+19
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2011-11-17libds: Make server role values explicit for easier debuggingAndrew Bartlett1-1/+6
2011-11-17param: calculate server role from security, and security from server roleAndrew Bartlett1-1/+1
This allows smb.conf files from either the samba3 or samba4 tradition to come to the same value of server role, using the information in the smb.conf file. This is important so that tools like 'net getlocalsid' work against a Samba4 AD installation (yes, users have tried this). Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17roles: Add ROLE_AUTO to indicate that the server role is calculatedAmitay Isaacs1-1/+4
2011-05-08libds: moved enum security_types to a common headerAndrew Tridgell1-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-05-03libds: added roles.h for server rolesAndrew Tridgell1-0/+42
this will allow us to move the server roles in common, which will make it much easier to mix s3/s4 calls in the one C file Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>