| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 05 May 2007 15:47:55 -0500 From: "Steve French (smfltc)" <smfltc@...ibm.com> To: Shirish S Pargaonkar <shirishp@...ibm.com> CC: smfltc@...ux.vnet.ibm.com, hch@...radead.org, Jeff Layton <jlayton@...hat.com>, linux-cifs-client@...ts.samba.org, linux-cifs-client-bounces+shirishp=us.ibm.com@...ts.samba.org, linux-kernel <linux-kernel@...r.kernel.org>, samba-technical@...ts.samba.org Subject: Re: [linux-cifs-client] Re: [PATCH] CIFS: make sec=none force an anonymous mount Shirish S Pargaonkar wrote: > > > When a session setup request is sent as an anonymous user (NUL user), > should/could there be > password associated with that? > Right now, sec=none option, will prompt you for a password. > And when we add code to retry session setup as anonymous user if the > first session setup request > fails, should that retry request be sent with the password or without > password? > > When smbfs sends requests as an anonymous user, it does not send a > password along with it. > > Regards, > > Shirish > We should allow a password to be specified (presumably it is not common for a server to have a password associated with a null user), but probably not prompt (similar to "guest" - except for the case of guest, we start with the username of uid of current process, and only if it fails with access denied do we try "user=" (or equivalently sec=none)) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists