Include samba and libpam-smbpass by default in Ubuntu

pabloalmeidaff9 at gmail.com pabloalmeidaff9 at gmail.com
Tue Jan 7 22:25:28 UTC 2014 

Oh, well. We should be off to fixing that bug, then.


2014/1/7 Steve Langasek <steve.langasek at canonical.com>

> On Sun, Jan 05, 2014 at 10:50:35PM -0200, pabloalmeidaff9 at gmail.com wrote:
> > We really don't have a way to have the packages installed but the service
> > stopped/unavailable until the user needs it?
>
> It could be done, but that's not the way Debian packages are put together
> by
> default.  It would be a rather large amount of work, and I doubt that
> filesharing on the local network is seen as an important enough use case
> today to justify that effort.
>
> --
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> Ubuntu Developer                                    http://www.debian.org/
> slangasek at ubuntu.com                                     vorlon at debian.org
>
>
> > 2014/1/5 Steve Langasek <steve.langasek at ubuntu.com>
>
> > > On Sun, Jan 05, 2014 at 12:47:47PM -0500, Stéphane Graber wrote:
> > > > Ubuntu has a no open port by default policy at least for the Desktop
> > > > installation. If you look at a default Ubuntu Desktop system the only
> > > > exceptions you should see to that rule are the DHCP client (which
> needs
> > > > to listen on udp/68) and avahi-daemon (which needs to listen on
> > > > udp/5353).
> > >
> > > > So having samba installed and running by default isn't an option and
> > > > would be a potential security risk for millions of systems which do
> not
> > > > need the service at all anyway.
> > >
> > > > I think having nautilus prompt the user for those packages to be
> > > > installed is perfectly reasonable, having to restart the session
> however
> > > > seems a bit odd to me and shouldn't be a requirement.
> > >
> > > The requirement follows from the fact that CIFS shares require a
> different
> > > password hash to be available on the server system for authentication
> than
> > > the one used by default in /etc/shadow, and while the permissions on
> the
> > > file managed by libpam-smbpasswd are secure, the NTLM hashes are
> strictly
> > > weaker than the hashes used for /etc/shadow, which exposes users to
> greater
> > > risk of password cracking if the database is stolen.  So since these
> hashes
> > > are not generated until the user opts in to CIFS sharing through
> nautilus
> > > (changing their PAM config), the session logout/login is unavoidable.
> > >
> > > --
> > > Steve Langasek                   Give me a lever long enough and a
> Free OS
> > > Debian Developer                   to set it on, and I can move the
> world.
> > > Ubuntu Developer
> http://www.debian.org/
> > > slangasek at ubuntu.com
> vorlon at debian.org
> > >
> >
> >
> >
> > --
> > Pablo Almeida
> > http://www.google.com/profiles/pabloalmeidaff9
>



-- 
Pablo Almeida
http://www.google.com/profiles/pabloalmeidaff9
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-desktop/attachments/20140107/6b90e770/attachment.html>

More information about the ubuntu-desktop mailing list