From owner-freebsd-current Wed Nov 27 14:20:56 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 872DF37B404 for ; Wed, 27 Nov 2002 14:20:55 -0800 (PST) Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41E1B43E88 for ; Wed, 27 Nov 2002 14:20:53 -0800 (PST) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.gr (patr530-a005.otenet.gr [212.205.215.5]) by mailsrv.otenet.gr (8.12.6/8.12.6) with ESMTP id gARMKhpu008183; Thu, 28 Nov 2002 00:20:47 +0200 (EET) Received: from gothmog.gr (gothmog [127.0.0.1]) by gothmog.gr (8.12.6/8.12.6) with ESMTP id gARMKf7W013227; Thu, 28 Nov 2002 00:20:41 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by gothmog.gr (8.12.6/8.12.6/Submit) id gARMKbE5013226; Thu, 28 Nov 2002 00:20:37 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Date: Thu, 28 Nov 2002 00:20:37 +0200 From: Giorgos Keramidas To: Terry Lambert Cc: "David W. Chapman Jr." , current@FreeBSD.ORG Subject: Re: pw_user.c change for samba Message-ID: <20021127222037.GA13085@gothmog.gr> References: <20021127192126.GA31706@leviathan.inethouston.net> <3DE52B70.44402B98@mindspring.com> <20021127203401.GA35573@leviathan.inethouston.net> <3DE5315A.FC6D59B@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3DE5315A.FC6D59B@mindspring.com> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 2002-11-27 12:55, Terry Lambert wrote: > It seems to me that another alternative is that all these > names end in '$'; therefore, when you are expecting one of > these names, you could imply a '$', without needing to actually > have it in the password file -- in other words, it's an > attribute, not really part of the account name. > > Will this open up a security hole for a nomal user account > being used to compromise the domain system security? Probably 'yes'. I haven't tried this, but I guess one could name his machine "Administrator". When that username is passed around, is it clear that it is a machine name and not a user name? I guess that if this way someone just might trick a remote SMB server that his username is 'Administrator' by changing his local machine's name, we have a problem... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message