From owner-freebsd-current Wed Nov 27 14: 4:37 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 826DE37B401 for ; Wed, 27 Nov 2002 14:04:36 -0800 (PST) Received: from leviathan.inethouston.net (leviathan.inethouston.net [66.64.12.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAC1943E9C for ; Wed, 27 Nov 2002 14:04:35 -0800 (PST) (envelope-from dwcjr@inethouston.net) Received: by leviathan.inethouston.net (Postfix, from userid 1001) id 41A8810DE0D; Wed, 27 Nov 2002 16:04:39 -0600 (CST) Date: Wed, 27 Nov 2002 16:04:39 -0600 From: "David W. Chapman Jr." To: Terry Lambert Cc: current@freebsd.org Subject: Re: pw_user.c change for samba Message-ID: <20021127220439.GA38379@leviathan.inethouston.net> Reply-To: "David W. Chapman Jr." Mail-Followup-To: Terry Lambert , current@freebsd.org References: <20021127192126.GA31706@leviathan.inethouston.net> <3DE52B70.44402B98@mindspring.com> <20021127203401.GA35573@leviathan.inethouston.net> <3DE5315A.FC6D59B@mindspring.com> <20021127210640.GA36331@leviathan.inethouston.net> <3DE53B01.BC819662@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3DE53B01.BC819662@mindspring.com> X-Operating-System: FreeBSD 4.6-STABLE i386 User-Agent: Mutt/1.5.1i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Nov 27, 2002 at 01:37:05PM -0800, Terry Lambert wrote: > "David W. Chapman Jr." wrote: > > > If it's allowed, it whould probably only be allowed in the > > > user name (i.e. the patch is wrong; it should probably add > > > another parameter to the allowable values of 'int gecos', and > > > change it to 'int checktype' or similar). > > > > I don't have a problem with this, but the patch I sent in is the > > extent of my abilities to give me desired results(making pw like > > samba) > > See attached patch. It could still screw scripts (e.g. the perl > script version of "adduser") by allowing the "$" in the login > field, but at least it keeps it out of the login class and group > fields. That sounds great! > I think you misunderstand. > > The intent is to allow accounts without "$" appended to be used > as machine logins. Samba would see the '$', remove it, and check > normally. > > The proper "BSD way" to avoid this hack would be to add a login > class "samba_server" (or whatever), and make Samba permit this > type of check only if the user was in the correct login class. Unfortunately they have to support more than just BSD, but I do agree with you that there is probably a better way of doing things. I am just not technically inclined enough to bring this to the attention of the samba team properly. I do have some contacts I could forward to anyone that is interested in trying to persuade them though. -- David W. Chapman Jr. dwcjr@inethouston.net Raintree Network Services, Inc. dwcjr@freebsd.org FreeBSD Committer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message