
List:       pam-smb
Subject:    Re: [Pam_smb] disable-root-only
From:       Dave Airlie <airlied () samba ! org>
Date:       2003-04-09 23:44:03


> We are running pam_smb V1.9.9 (development version). We had to do this
> because it is doing authentication on a POP server (RedHat 7.3) and
> there are so many requests that we sometimes got the error that is
> described here :
>
> http://www.csn.ul.ie/~airlied/pam_smb/faq/pam_smb_faq-4.html#ss4.1

I would advise moving to pam_smb-2.0.0-rc2; it contains numerous fixes
over the 1.9.9 series.

>
> => Is the --disable-root-only option the right solution ?

Yes, this would be necessary.
However, it allows user applications to authenticate themselves against the
NT server, which isn't a security hole (they could do it with their own
code), but it also means they can write to the pamsmbd message queue and
maybe corrupt it. I've never thrown really dodgy data at the message
queue, but I believe in 2.0.0-rc2 it shouldn't allow a buffer
overflow and probably shouldn't crash.

Dave.
>
> => What is exactly the security risk of configuring pamsmbd with
>     the --disable-root-only option ?
>
> Thank you.
>
> Jean-Michel BARBET.
>
>

-- 
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied@skynet.ie
pam_smb / Linux DecStation / Linux VAX / ILUG person

_______________________________________________
Pam_smb mailing list
Pam_smb@csn.ul.ie
http://mailman.csn.ul.ie/mailman/listinfo.cgi/pam_smb
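
An added example, not part of the original message and not pam_smb's code: one way a daemon can check each request read from a message queue that unprivileged users are able to write to, rejecting malformed data before any string handling touches it. The struct layout, field size and function names are hypothetical, and a SysV queue read with msgrcv() is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* hypothetical field size, not pam_smb's */

/* Hypothetical request layout; pam_smb's real message format is not shown here. */
struct auth_req {
    long mtype;                 /* SysV message type, must be > 0 */
    char user[FIELD_MAX];
    char domain[FIELD_MAX];
    char password[FIELD_MAX];
};
#define REQ_BODY_LEN (sizeof(struct auth_req) - offsetof(struct auth_req, user))

enum req_status { REQ_OK, REQ_BAD_SIZE, REQ_BAD_TYPE, REQ_UNTERMINATED, REQ_BAD_USER };

/* A field is usable only if a NUL lies inside its fixed buffer. */
static int terminated(const char *f) { return memchr(f, '\0', FIELD_MAX) != NULL; }

/* body_len is the byte count msgrcv() returned for this message. */
enum req_status validate_req(const struct auth_req *r, size_t body_len)
{
    if (body_len != REQ_BODY_LEN) return REQ_BAD_SIZE;   /* short or wrong-sized write */
    if (r->mtype <= 0) return REQ_BAD_TYPE;
    if (!terminated(r->user) || !terminated(r->domain) || !terminated(r->password))
        return REQ_UNTERMINATED;          /* strlen/strcpy would read past the field */
    if (r->user[0] == '\0') return REQ_BAD_USER;
    for (const char *p = r->user; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f) return REQ_BAD_USER;
    return REQ_OK;
}

int main(void)
{
    struct auth_req r;                    /* constructed sample messages */
    memset(&r, 0, sizeof r);
    r.mtype = 1;
    strcpy(r.user, "alice"); strcpy(r.domain, "CORP"); strcpy(r.password, "secret");
    printf("well-formed:  %d\n", validate_req(&r, REQ_BODY_LEN));
    memset(r.user, 'A', FIELD_MAX);       /* no terminator anywhere in the field */
    printf("unterminated: %d\n", validate_req(&r, REQ_BODY_LEN));
    printf("truncated:    %d\n", validate_req(&r, REQ_BODY_LEN - 8));
    return 0;
}
```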