samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2001-11-27	another memory leak bites the dust	Andrew Tridgell	1	-4/+0
	(This used to be commit 982d6d447add2d4079c28c0b8ecb0e499f391a2a)
2001-11-27	fix sense of lp_allow_trusted_domains()	Andrew Tridgell	1	-9/+0
	fix a memory leak (This used to be commit 1421f2fbcb296a894cb4e7548e0275e35e055b98)
2001-11-26	A number of things to clean up the auth subsytem a bit...	Andrew Bartlett	1	-9/+19
	We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26	add SEC_ADS auth method	Andrew Tridgell	1	-0/+12
	(This used to be commit b175c42080b15f27589cb6b6d61af5cbbedf5d02)
2001-11-26	challange -> challenge	Tim Potter	1	-34/+34
	(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-25	Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error	Andrew Bartlett	1	-0/+3
	map. This little authentication module is #ifdef DEVELOPER, becouse it really is of no use execept as a development tool invoke by setting: auth methods = guest sam name_to_ntstatus in the smb.conf file (the SAM and guest elements are required for the member server to authenticate itself). Andrew Bartlett (This used to be commit 9807e66f34c1088399657060977e384c5a7f0664)
2001-11-24	This is another rather major change to the samba authenticaion	Andrew Bartlett	1	-0/+279
	subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)