On Fri, Mar 28, 2003 at 02:34:24PM -0000, Zhi Cheng Wang wrote: Hi Zhi - Please post your emails in proper format - Plain text wrapped to 72 chars wide and no "Top Posting" (No Top Posting means you place your response Below the content you are replying to.)
> Hi, Christopher > > we are using windows 2000 servers. we configured samba to use win server to > authenticate users when they access Linux file from windows environment. > > perhaps if we some how to make use of ldap for authentication, then we would > configure samba to use a Linux server to do the authentication when users access > windows files from Linux? provided that win2k allows this. > > can we do both? > > I do not think any org will allow their sys admin to know everyone's pass word. On most systems, WIN as well as UNIX/Linux, you can't prevent a sysadmin from having access to, or pretending to be any user. Access to the user's password is superfluous and therefore need not be protected from the sysadmin. One Note for the future - ACLS are being implemented in a way which may make it possible for a user to protect files from access even by a sysadmin/Root user in some environments. This is both good and bad and also happens to be inevitable due to heightened security concerns. When this becomes widespread Zhi's objection will be valid. This means we should at least think about ways to the above without storing cleartext password anywhere. Its a good idea/principle to follow now anyway. -- Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. [EMAIL PROTECTED] copyright 2003. Use is restricted. Any use is an acceptance of the offer at http://www.kinz.org/policy.html. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
