Feeds

SAMBA team plots ‘killer appliance’

All that and single sign-on too

  • alert
  • submit to reddit

Internet Security Threat Report 2014

The SAMBA team is working on code that will lead to "killer appliances" according to author Jeremy Allison. At the very least, it could offer an opportunity to reduce the need for many of the NT servers that are deployed today.

Winbind hooks into the authentication mechanism used by Linux and most commercial Unixes, and replicates user and group information that's stored on a Windows NT/2000 server. It offers a single sign-on to Windows user information and works transparently with existing Unix software. Currently, sites using the open source SAMBA replacement for Windows file-and-print services must keep the Windows user database and the SAMBA server's user information in sync, a pretty tedious job.

The code is slated for release later this year, but The Register has had a sneak preview. Although the code is still in a pretty rough state, it worked seamlessly with existing Linux software. For example, once logged in using Winbind, group information was visible in KDE's file properties box as well as ls and other command line programs.

"It's the missing link," says Allison, the joint lead for the Samba project. "With Winbind, a Linux, or a Solaris or HP-UX server simply becomes a member server. You still need a PDC [Windows primary domain controller] - but eventually we can replace the PDC."

It works like this. The Linux authentication model uses PAM, or pluggable authentication modules (yes, the M is redundant), originally devised by Sun but adopted by most other commercial Unixes. Client side programs such as ls, ftp su or login make a call to nsswitch, which goes and looks for modules - which might be Unix Yellow Pages, LDAP or local information. Winbind is simply another module - the Winbind daemon caches user information stored on a Windows server. The user only need login as usergroup\username at their terminal.

The Samba code is widely used as a replacement for Windows file and print services. In fact, according to Allison, SAMBA often works more efficiently than the SMB protocol it replaces: by checking the RPC strings for overflows (which is why SAMBA servers can resist crashes NT/2000 can't), as well as using obvious optimisations ignored by Windows. There's not much the team can do about designed-in Windows security flaws, such as sending passwords of new machine as Unicode text over the network.

Appliance manufacturers including Cobalt are already interested, says Allison. The code was developed with input from Sun, which doesn't use Samba in its Cascades code, which also tries to make Windows-hosted Windows services redundant by doing the same jobs on Solaris servers. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.