On 2002-11-27 12:55, Terry Lambert <[EMAIL PROTECTED]> wrote: > It seems to me that another alternative is that all these > names end in '$'; therefore, when you are expecting one of > these names, you could imply a '$', without needing to actually > have it in the password file -- in other words, it's an > attribute, not really part of the account name. > > Will this open up a security hole for a nomal user account > being used to compromise the domain system security?
Probably 'yes'. I haven't tried this, but I guess one could name his machine "Administrator". When that username is passed around, is it clear that it is a machine name and not a user name? I guess that if this way someone just might trick a remote SMB server that his username is 'Administrator' by changing his local machine's name, we have a problem... To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
