*BSD News Article 98639



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!insync!news.io.com!smartdna!news-xfer.mccc.edu!zdc-e!super.zippo.com!news.maxwell.syr.edu!cpk-news-hub1.bbnplanet.com!su-news-feed4.bbnplanet.com!news.bbnplanet.com!netapp.com!netapp.com!not-for-mail
From: guy@netapp.com (Guy Harris)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: smbfs under FreeBSD?
Date: 27 Jun 1997 11:36:45 -0700
Organization: Network Appliance
Lines: 32
Message-ID: <5p117t$g2e@tooting.netapp.com>
References: <33AFCEA5.167EB0E7@IBC.IskraSistemi.Si> <01bc82a8$ed23e340$b4cc93cf@thewall> <slrn5r73pq.cjm.hdm@stress.noc.demon.net>
NNTP-Posting-Host: tooting.netapp.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43644

J.C. Archambeau <n-xiv@worldnet.att.net> wrote:
>Because of the design limitations of SMBFS, it will never be secure.
>Samba is about as good as you'll get with any of the BSD projects.

Note that SMBFS and Samba aren't interchangeable; the former is an SMB
client, the latter is an SMB server.  Samba does come with a user-mode
"smbclient" program, which is sort of like the "ftp" program only it
uses SMB.

Dominic Mitchell <hdm@demon.net> wrote:
>To expand with this, the problem is that it authenticates on a per user
>basis, which is no use at all in a multi-user environment...

...although I think WinDD and WinCenter and the like make it work in
multi-user NT.  I think they do it by not allowing user A access to any
shares attached by user B - by, I think, having drive letters be
per-user-session.

In UNIX, one might instead have the SMB client code associate with each
session the credentials for that session, and, when a request comes into
the client code via its VOP_ routines, look for a session with
credentials matching those that came in via the VOP_ call and:

	if such a session was found, use it;

	if such a session wasn't found, create a new session with the
	appropriate user name.
-- 
Reply, or follow up, but don't do both, please.

postmaster@localhost
postmaster@127.0.0.1
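
The lookup-or-create scheme sketched in the post above, as an added example that is not part of the original article or of any smbfs or Samba code. It is a user-space C model: `struct cred`, `struct smb_session`, `struct smb_mount` and `smb_session_for_cred` are hypothetical names, and the `uid<N>` user name stands in for a real uid-to-SMB-user mapping and login.

```c
/* Added example, user-space model; every name here is hypothetical. */
#include <stdio.h>
#include <sys/types.h>

#define MAX_SESSIONS 8

struct cred { uid_t uid; };      /* stand-in for the cred a VOP_ call carries */

struct smb_session {
    int   in_use;
    uid_t owner;                 /* only this uid may use the session */
    char  user[32];              /* SMB user name the session logged in as */
};

struct smb_mount {
    struct smb_session sessions[MAX_SESSIONS];
    int created;                 /* number of session setups performed */
};

/* Return the caller's own session, creating one if none exists; never one
 * owned by another uid. NULL when the table is full (fail, don't share). */
struct smb_session *
smb_session_for_cred(struct smb_mount *mp, const struct cred *cr)
{
    struct smb_session *slot = NULL;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        struct smb_session *s = &mp->sessions[i];
        if (s->in_use && s->owner == cr->uid)
            return s;            /* matching session found: use it */
        if (!s->in_use && slot == NULL)
            slot = s;            /* remember the first free slot */
    }
    if (slot == NULL)
        return NULL;
    /* None found: create one under the caller's own identity. Assumption:
     * "uid<N>" stands in for a real uid-to-SMB-name mapping and login. */
    slot->in_use = 1;
    slot->owner = cr->uid;
    snprintf(slot->user, sizeof slot->user, "uid%lu", (unsigned long)cr->uid);
    mp->created++;
    return slot;
}

int main(void) {
    static struct smb_mount m;   /* static storage: zero-initialised */
    struct cred a = {1001}, b = {1002};   /* constructed sample uids */
    printf("%s %s\n", smb_session_for_cred(&m, &a)->user,
           smb_session_for_cred(&m, &b)->user);
}
```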