Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!in2.uu.net!globalcenter.net!nntp-hub.barrnet.net!inet-nntp-gw-1.us.oracle.com!news.caldera.com!park.uvsc.edu!usenet
From: Terry Lambert <terry@cs.weber.edu>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Linux Killer App (ksmbfs)
Date: 2 Oct 1995 20:00:19 GMT
Organization: Utah Valley State College, Orem, Utah
Lines: 57
Message-ID: <44pgcj$ap@park.uvsc.edu>
References: <44cma4$fv4@hole.sdsu.edu> <44g8jj$51q@keltia.freenix.fr> <44h6qi$kbf@news.bu.edu> <44ha9d$9h0@mark.ucdavis.edu> <44nt2q$lnf@news.bu.edu>
NNTP-Posting-Host: hecate.artisoft.com

mi@cs.bu.edu (Mikhail Teterin) wrote:
] It is probably my English. I'm very well aware of smbclient... It is
] exactly what we _BOTH_ mean by `ftp-like client/app'. I said using it
] annoys, and asked if there is a hope to `mount -t samba' in the near
] future.

A connection from a "client" to a "server" in an SMB protocol resource
sharing scheme uses an authentication credential.

A "mount" is a single connection.

How do you propose to allow user level security with a "mount", since
the only way the file server will support that is one connection per
user?

If you propose to do this by establishing a connection per user, how do
you propose that the kernel ask the user his LANMan password in order to
establish the connection?

If you propose to use a single connection per machine, how do you
propose to allow multiple users on a single machine?

The problem is complex, and the Linux SMBFS does not sufficiently
resolve it. As a matter of fact, it introduces gaping security issues
for the LanMan network administrator if he is not the same person as the
BSD administrator.

There is *no way* to proxy credentials from a "login server" (like a BSD
or Linux box) to a "file server" (like a WinNT or WFWG or Win95 box)
short of rewriting the WinNT/WFWG/Win95 authentication to use ticketing
or some similar convention so that the credentials may be transported to
get around the file server's inability to allow authentication by proxy
(what NFS uses).

Novell's NUC (NetWare UNIX Client) FS has taken three years of effort,
and still has not fully addressed the issues. For 5 engineers, 3 years
is ~$1M in developer salary (assuming they are paid moderately).

We understand the problem. SMBFS is not the answer.

If you want to write an SMBFS with the inherent limitations of a
restricted model, feel free. It would have less utility than an
smbclient broken out into several command line utilities along the line
of mtools.

Personally, I'd rather solve the problem than kludge around it; a
planned kludge is not worthy of my efforts.

Regards,
Terry Lambert
terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.
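
The post's argument that a "mount" is a single authenticated connection can be made concrete with a toy model; this is an added example, not code from the post or from any SMBFS implementation. It contrasts a mount that shares one connection among all local users with one that keeps a connection per local user. All class names, accounts, passwords and paths are constructed for illustration.

```python
# Toy model (constructed): the file server authorizes per connection, not per request.
class FileServer:
    def __init__(self, passwords, acl):
        self.passwords = passwords   # server account -> password
        self.acl = acl               # path -> set of accounts allowed to read

    def connect(self, account, password):
        if self.passwords.get(account) != password:
            raise PermissionError("logon failure")
        return Connection(self, account)

class Connection:
    """One authenticated session; every request on it runs as self.account."""
    def __init__(self, server, account):
        self.server, self.account = server, account

    def read(self, path):
        if self.account not in self.server.acl.get(path, set()):
            raise PermissionError(f"{self.account} denied on {path}")
        return f"<contents of {path}>"

class SingleConnectionMount:
    """Mount backed by one connection: the local user never reaches the server."""
    def __init__(self, conn):
        self.conn = conn

    def read(self, local_user, path):
        return self.conn.read(path)  # local_user is ignored; server sees one identity

class PerUserMount:
    """One connection per local user; each user must supply a credential first."""
    def __init__(self, server):
        self.server, self.sessions = server, {}

    def login(self, local_user, account, password):
        self.sessions[local_user] = self.server.connect(account, password)

    def read(self, local_user, path):
        if local_user not in self.sessions:
            raise PermissionError(f"no server session for {local_user}")
        return self.sessions[local_user].read(path)

def can_read(mount, local_user, path):
    try:
        mount.read(local_user, path)
        return True
    except PermissionError:
        return False

# Constructed sample accounts and ACLs.
SERVER = FileServer({"alice": "a-pw", "bob": "b-pw"},
                    {"/alice/payroll.xls": {"alice"},
                     "/pub/readme.txt": {"alice", "bob"}})
```

With the shared mount the server's ACLs are enforced only against the account that mounted; the per-user mount restores them but leaves open the question the post raises, namely how each user's password reaches the code that opens the connection.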