On Thu, 2007-02-22 at 18:18 -0800, Pete Rowley wrote: > Andrew Bartlett wrote: > > And where OpenLDAP has done something first, or it's way of doing things > > is more sane, I ask that Fedora DS follow that lead. I need less, not > > more 'if <vendor>' code... > > > > > Your if vendor code would be zero. Presumably Samba would be enabled > with access in line with its operational requirements. Bearing in mind > that Samba runs as root, it is likely to find that any machine it is > installed on has anonymous access for root, just like it is allowed to > actually run as root. I'm not quite sure what you mean here, but what I don't want is a situation where the admin runs Samba4 against a Fedora DS instance, and forgets to explicitly set 'nsslapd-ldapiautobind: off'. Samba would end up proxying anonymous access as root! It certainly seems an odd default. Or worse still, there be a disagreement between applications as to if this is a setting they want, or a setting they don't want. Instead, have applications that want EXTERNAL auth ask for it, just as they have to ask for it for OpenLDAP. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
