From d7bb961859a3501aec4d28842bfffb6190d19a73 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Feb 2012 18:03:10 +1100 Subject: s3-auth: Remove security=share (depricated since 3.6). This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ --- lib/param/loadparm_server_role.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib/param/loadparm_server_role.c') diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 36551593a8..4ba54b9131 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -73,11 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do role = ROLE_STANDALONE; switch (security) { - case SEC_SHARE: - if (domain_logons) { - DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); - } - break; case SEC_SERVER: if (domain_logons) { DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); @@ -162,7 +157,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) valid = true; break; case ROLE_STANDALONE: - if (security == SEC_SHARE || security == SEC_SERVER || security == SEC_USER) { + if (security == SEC_SERVER || security == SEC_USER) { valid = true; } break; -- cgit