[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root password is not stored in /etc/cipux/

Finn-Arne Johansen skrev:
> Christian Kuelker skrev:
>> Dear Petter Reinholdtsen,
>>
>> On Tuesday 12 December 2006 09:57, you wrote:
>>> [Christian Kuelker]
>>>
....

>>
>> But why you store the cn=smbadmin in clear text on disk? Which is again the 
>> root password.
> 
> no, it's not.

I'll retry to get you to understand this.

The password for the smbadmin user is _not_ the same as the root
account, nor ldap admin account.

It could be,  but by default it's not the same.

Normally, noone knows the password for the smbadmin ldap user, unless
they've done a tdbdump /var/lib/samba/secrets.tdb

And with the default settings, it should not be possible to generate a
normal user account, to be used for logging in on the system.

To get a working samba implementation, it's not possible to _not_ store
this password hashed in /var/lib/samba/secrets. It is however possible
to make it impossible to use that password to create new accounts. to do
this, you have to create the machine accounts before joining the
machines to the domain.

-- 
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
Reply to: