samba.git/docs-xml, branch talloc-2.0.0 Unnamed repository; edit this file 'description' to name the repository. s3-docs: Update build howto. 2009-09-01T10:57:45+00:00 Karolin Seeger kseeger@samba.org 2009-09-01T10:55:23+00:00 1bc05ca3bb6499d25d54ba49f2abbc54edad37ed This addresses bug #6661. Karolin 
This addresses bug #6661.

Karolin
Add a parameter to disable the automatic creation of krb5.conf files 2009-08-26T13:28:06+00:00 Volker Lendecke vl@samba.org 2009-08-26T12:56:41+00:00 b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088 This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-) 
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.

The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.

Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
cifs.upcall: make using ip address conditional on new option 2009-08-26T10:26:02+00:00 Jeff Layton jlayton@redhat.com 2009-08-26T10:26:02+00:00 da99e3a724b493ba47a06d0704b891819ad16647 Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal). That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).

That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
cifs.upcall: try getting a "cifs/" principal and fall back to "host/" 2009-08-14T11:59:50+00:00 Jeff Layton jlayton@redhat.com 2009-08-14T11:59:50+00:00 b10bdef4e75ffe48d563b2f0825b82519a71c9a7 cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users. Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.

Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Documentation for "store create time". 2009-08-12T20:54:38+00:00 Jeremy Allison jra@samba.org 2009-08-12T20:54:38+00:00 7ad5c69bd45d9211dc3bceb655d63d2f141f1bc6 Jeremy. 
Jeremy.
Pass absolute file paths to Inkscape when transforming .svg files 2009-08-08T05:02:52+00:00 Alexander Bokovoy ab@samba.org 2009-08-08T05:02:52+00:00 217e3086c74eb0b46fab512b5887d9a5a5b7ee9a Some recent versions of Inkscape (0.47 or around) have bug when export file name is treated as relative against the directory of original .svg if it wasn't specified as an absolute path. Fix it by always using absolute paths during conversion. 
Some recent versions of Inkscape (0.47 or around) have bug when export file name
is treated as relative against the directory of original .svg if it wasn't specified
as an absolute path. Fix it by always using absolute paths during conversion.
s3/docs: Fix typos. 2009-08-03T08:20:39+00:00 Karolin Seeger kseeger@samba.org 2009-08-03T08:19:45+00:00 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18 Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting! Karolin 
Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting!

Karolin
docs: fix typos in the net man page. 2009-07-27T11:35:59+00:00 Michael Adam obnox@samba.org 2009-07-27T11:33:38+00:00 34c535c9a8d08a480e156aaa9e4b843ffaab0636 Noted by Oota Toshiya <t-oota@dh.jp.nec.com> . Michael 
Noted by Oota Toshiya <t-oota@dh.jp.nec.com> .

Michael
Fix typos reported by OPC Oota. 2009-07-23T14:50:04+00:00 John H Terpstra jht@samba.org 2009-07-23T14:50:04+00:00 9b18c5475e31507bb27e26e9f34142ead9dae349 






Replace word noone with more correct word nobody. Thanks OPC Oota.
2009-07-09T13:20:32+00:00

John H Terpstra
jht@samba.org

2009-07-09T13:20:32+00:00

14952c72a29ec92badb1bcf16d2a15fe100f060d