Removal of CRUFT. 50 lashes to those who created CRUFT. Argh.

[Samba/gebeck_regimport.git] / docs / smbdotconf / security / hostsequiv.xml

<samba:parameter name="hosts equiv"
                 context="G"
                                 type="string"
                 advanced="1" developer="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
    <para>If this global parameter is a non-null string, 
    it specifies the name of a file to read for the names of hosts 
    and users who will be allowed access without specifying a password.
    </para>
                
    <para>This is not be confused with <smbconfoption name="hosts allow"/> which is about hosts 
    access to services and is more useful for guest services. <parameter moreinfo="none">
    hosts equiv</parameter> may be useful for NT clients which will 
    not supply passwords to Samba.</para>

    <note><para>The use of <parameter moreinfo="none">hosts equiv
    </parameter> can be a major security hole. This is because you are 
    trusting the PC to supply the correct username. It is very easy to 
    get a PC to supply a false username. I recommend that the 
    <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really 
    know what you are doing, or perhaps on a home network where you trust 
    your spouse and kids. And only if you <emphasis>really</emphasis> trust 
        them :-).</para></note>
</description>
                
<value type="default"><comment>no host equivalences</comment></value>
<value type="example">hosts equiv = /etc/hosts.equiv</value>
</samba:parameter>