> I gathered that from the SAMBA site, too. > > The '$' is a pain. None of the examples in the original post > would have worked, because the '$' was not '\$', and the shell > would have blown chunks over the "variable expansion".
The patch I sent in works with "pw add user asdf$", but you may be right about scripts if the $ is at the beginning. > It seems to me that this could cause a great deal of problems > for scripts that process the password files, as they currently > exist, if they use constructs like "eval", or back-ticks, etc.. The problems are already being caused though. If one wants samba to work on NT/2K/XP they have to manually add these entries in now anyway. > If it's allowed, it whould probably only be allowed in the > user name (i.e. the patch is wrong; it should probably add > another parameter to the allowable values of 'int gecos', and > change it to 'int checktype' or similar). I don't have a problem with this, but the patch I sent in is the extent of my abilities to give me desired results(making pw like samba) > It seems to me that another alternative is that all these > names end in '$'; therefore, when you are expecting one of > these names, you could imply a '$', without needing to actually > have it in the password file -- in other words, it's an > attribute, not really part of the account name. > > Will this open up a security hole for a nomal user account > being used to compromise the domain system security? Is it > absolutely necessary to use an in-band method to distinguish > these records from ordinary user accounts? I don't think the samba people would be willing to make this type of change just for FreeBSD since it works for most everyone else. I also don't think there is currently a way to store attributes about machines/users permanently in samba. -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. <www.inethouston.net> [EMAIL PROTECTED] FreeBSD Committer <www.FreeBSD.org> To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
