samba - Dec 2005 - Inclusion of libnss_wins in vendor distros?

This might be a stupid question, but I ask only because I can't think of
a good reason...

Why do so many vendors' builds of Samba not include libnss_wins, the
WINS/NetBIOS name resolution library? I find that it is very helpful for
my Linux/Samba servers to be able to resolve hostnames by WINS. It also
seems to improve domain browsing performance dramatically to have the
library present and enabled in nsswitch.conf. It seems to me to be such
a basic and essential part of the SMB protocol, yet many distributions
omit it. It's very annoying. I guess the solution is to always build
Samba using the latest stable sources from samba.org.

Perhaps someone thinks it's a security vulnerability and therefore
shouldn't be included by default, but would a system be any less secure
if the library was included but not disabled by default? Besides, in my
experience, even when the WINS libraries are included, nsswitch.conf
must be edited to enable it -- I don't see the mere presence of
libnss_wins.so on a system making it any less vulnerable, just as having
a key on the inside of a locked door doesn't make the house any less secure.

Any good reasons why it wouldn't be included?

-- 
--Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com

Jonathan,
    Which distributions are you talking about?  Also are you referring to
the use of wins for hostname resolution in nsswitch.conf file?  I was under
then impression that only worked for SGI Irix?  Am I mistaken? I am running
RHEL/CentOS 4.x and Gentoo, but come with the wins library.  In the case of
Gentoo you have to use the right USE flags of course.

Vijay Avarachen
:wq!

On 12/23/05, Jonathan Johnson <jon@sutinen.com>
wrote:
>
> This might be a stupid question, but I ask only because I can't think
of
> a good reason...
>
> Why do so many vendors' builds of Samba not include libnss_wins, the
> WINS/NetBIOS name resolution library? I find that it is very helpful for
> my Linux/Samba servers to be able to resolve hostnames by WINS. It also
> seems to improve domain browsing performance dramatically to have the
> library present and enabled in nsswitch.conf. It seems to me to be such
> a basic and essential part of the SMB protocol, yet many distributions
> omit it. It's very annoying. I guess the solution is to always build
> Samba using the latest stable sources from samba.org.
>
> Perhaps someone thinks it's a security vulnerability and therefore
> shouldn't be included by default, but would a system be any less secure
> if the library was included but not disabled by default? Besides, in my
> experience, even when the WINS libraries are included, nsswitch.conf
> must be edited to enable it -- I don't see the mere presence of
> libnss_wins.so on a system making it any less vulnerable, just as having
> a key on the inside of a locked door doesn't make the house any less
> secure.
>
> Any good reasons why it wouldn't be included?
>
> --
> --Jon Johnson
> Sutinen Consulting, Inc.
> www.sutinen.com
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


--
"Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it."
-- ancient Sanskrit saying

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vijay Avarachen wrote:
> Jonathan,
>     Which distributions are you talking about?  Also are 
> you referring to the use of wins for hostname resolution in
> nsswitch.conf file?  I was under then impression that only
> worked for SGI Irix?  Am I mistaken?
libnss_wins.so will work on many platforms.  The
netbios name resolution support in winbindd will only
work on IRIX and recently on Solaris.





cheers, jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDvDiGIR7qMdg1EfYRAu+RAJ0ZM7VZbvvFvKaDg86ZSu7SnOpAyQCfaELi
3x7akQuEnl3NLLB+rmvNilg=XbIb
-----END PGP SIGNATURE-----