Re: Passthough security fix.

Jeremy Allison (jallison@whistle.com)
Tue, 21 Apr 1998 09:37:34 -0700

Date:	Tue, 21 Apr 1998 09:37:34 -0700
From:	Jeremy Allison <jallison@whistle.com>
To:	tridge@samba.anu.edu.au
Subject: Re: Passthough security fix.

Andrew Tridgell wrote:
>
> > how about using "LsaSamLogon" instead?
>
> indeed! Jeremy, is that the basis of your proposed security=domain
> code? Sorry for not paying attention earlier ...

Well yes, doing an NT style logon does get around the
problem completely - but then the code that does passthroughs
just isn't used in that case. Plus you need to setup
a machine account & add yourself to the domain etc.

I have it designed, and will start to code it up
asap (it should be rather easy to add, it just means
calling a different function than server_validate()).

What I was talking about here was fixing the older
code as well :-).

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------