-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anders Johansson wrote:
On Tuesday 09 October 2007 11:23:56 G T Smith wrote:
Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack. No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done <snip something about home directories on samba shares>
Obviously your scenario is just wrong. I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
Been there, done that, used automount, which is capable of using dynamic share names, worked perfectly - no need to create home directories on each machine, no need for local root access
Including maintainable cifs login credentials? We are talking cifs/Windows server integration... The main issue with cifs in its current form is that credentials are passed via the mount point definition as username and password in plain text, or via text file containing these details in plain text. If you change the credentials you have to change the mount point definition (or the credentials file used in the mount definition).. (a second problem is that these credentials either have to be maintained locally, or acquired from a network source somehow)... Unless everyone has the same username and password, and you do not allow users to change cifs passwords this is problematic.... (If you know a way of getting round this one I would love to know it).. There is apparently the option of using LDAP automount entries for automount mapping but I have absolutely no idea whether this is practical with cifs. The pam_mount option is probably currently best as credentials should then be passed at login, and credentials maintenance should disappear as an immediate issue ... I think this started as a comment on why cifs did not conform to expected *NIX behaviour, I think the underlying point is that cifs is NOT a *NIX filesystem, the protocols and behaviour are defined in Redmond to work with M$ systems. To work well from *NIX they have to adopt in part expected aspects of that behaviour... - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHC+DKasN0sSnLmgIRAsBSAKDHfWjLa9Xe4ifUzOgcmTWEslBgEQCg15/R tGVb8XeIyMIhg5ffWMKUOEA= =JlkT -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org