Feeds

SAMBA team plots ‘killer appliance’

All that and single sign-on too

  • alert
  • submit to reddit

Mobile application security vulnerability report

The SAMBA team is working on code that will lead to "killer appliances" according to author Jeremy Allison. At the very least, it could offer an opportunity to reduce the need for many of the NT servers that are deployed today.

Winbind hooks into the authentication mechanism used by Linux and most commercial Unixes, and replicates user and group information that's stored on a Windows NT/2000 server. It offers a single sign-on to Windows user information and works transparently with existing Unix software. Currently, sites using the open source SAMBA replacement for Windows file-and-print services must keep the Windows user database and the SAMBA server's user information in sync, a pretty tedious job.

The code is slated for release later this year, but The Register has had a sneak preview. Although the code is still in a pretty rough state, it worked seamlessly with existing Linux software. For example, once logged in using Winbind, group information was visible in KDE's file properties box as well as ls and other command line programs.

"It's the missing link," says Allison, the joint lead for the Samba project. "With Winbind, a Linux, or a Solaris or HP-UX server simply becomes a member server. You still need a PDC [Windows primary domain controller] - but eventually we can replace the PDC."

It works like this. The Linux authentication model uses PAM, or pluggable authentication modules (yes, the M is redundant), originally devised by Sun but adopted by most other commercial Unixes. Client side programs such as ls, ftp su or login make a call to nsswitch, which goes and looks for modules - which might be Unix Yellow Pages, LDAP or local information. Winbind is simply another module - the Winbind daemon caches user information stored on a Windows server. The user only need login as usergroup\username at their terminal.

The Samba code is widely used as a replacement for Windows file and print services. In fact, according to Allison, SAMBA often works more efficiently than the SMB protocol it replaces: by checking the RPC strings for overflows (which is why SAMBA servers can resist crashes NT/2000 can't), as well as using obvious optimisations ignored by Windows. There's not much the team can do about designed-in Windows security flaws, such as sending passwords of new machine as Unicode text over the network.

Appliance manufacturers including Cobalt are already interested, says Allison. The code was developed with input from Sun, which doesn't use Samba in its Cascades code, which also tries to make Windows-hosted Windows services redundant by doing the same jobs on Solaris servers. ®

The Power of One Brief: Top reasons to choose HP BladeSystem

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.