Bug 3119 - pdb_mysql / pdb_pgsql security concerns
Summary: pdb_mysql / pdb_pgsql security concerns
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: pdb_sql (show other bugs)
Version: 3.0.20
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: pdb_sql maintainers mail alias
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-09-27 05:46 UTC by Jelmer Vernooij
Modified: 2006-02-10 08:42 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jelmer Vernooij 2005-09-27 05:46:25 UTC
The password for the mysql/pgsql user used by the pdb_mysql and pdb_pgsql
modules is stored in plain text in smb.conf. This is obviously a security
concern as it requires smb.conf to be readable only to the user as which Samba runs.

This can probably be fixed easily by providing a mechanism similar to the one
used for the LDAP admin password.

I'm filing this bug report to make sure this will be fixed before the modules
lose their 'experimental' mark.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-02-10 08:42:07 UTC
See bug 3375.  If someone wants to maintain these modules outside
the Samba source tree, that is fine.  But the source has been removed
from the upcoming 3.0.22 release.