[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root password is not stored in /etc/cipux/


On Tuesday 12 December 2006 13:10, Finn-Arne Johansen wrote:
> I'll retry to get you to understand this.
> The password for the smbadmin user is _not_ the same as the root
> account, nor ldap admin account.

Yes I understand this, Look in my first mail in this threat.

We have 3 etities:


All of then could have 3 different password hashes in LDAP.
The passord is of smbadmin is stored in clear text on HD.

and we have (posix) user root with an encrypted password stored in shadow 

which must be identical to the 3 others, but was identical at least till 

> It could be,  but by default it's not the same.

On Every sarge and woody system which was installed and not modified, it was 
the same.

Or has this changed in etch?
(I ask this question now more than once in this tread, and no answer till 

> Normally, noone knows the password for the smbadmin ldap user, unless
> they've done a tdbdump /var/lib/samba/secrets.tdb

if its not the same, yes.

> And with the default settings, it should not be possible to generate a
> normal user account, to be used for logging in on the system.

good.  (but you are not 100% sure, aren't you?)

> To get a working samba implementation, it's not possible to _not_ store
> this password hashed in /var/lib/samba/secrets. 

This is exactly what I mean! 

And pere should understand that this is also true for every other 
Samba like framework which have to connect to the LDAP server, 
like CipUX.

> It is however possible 
> to make it impossible to use that password to create new accounts. to do
> this, you have to create the machine accounts before joining the
> machines to the domain.

well and how dos samba retrieve LDAP information without a password? You
know that SAMBA do a lot of LDAP queries in a productive environment. Even 
after machine accounts have been created.

But what you probably  meant was, you can change the ACL after account 
creation and change or change maybe not the password on the disk.

Of course this more secure. But this is not quite possible for a tool which 
has the aim of creating accounts! 

A good thing would be to make an ACL which forbid to create accounts with id=0 

Is this possible?

But the fact remains: the password is stored on the disk.


Reply to: