>>>>> "Tomasz" == Tomasz Chmielewski <mangoo at wpkg.org> writes: Tomasz> The question - how does the Windows client know it's Tomasz> connecting to the legitimate domain server when the user Tomasz> logs on? A windows domain client shares a secret password with the domain server. I would assume this is to verify the identity of the server. Each server also shares a secret password with the domain server. I would have hoped this could be used to verify the identify of the server to the client - and maybe this does happen deep down in the Windows networking stack somewhere, but it didn't seem to be exposed to the user. I think I will ask the Samba team just what is suppose to happen, and will report back what they say. I am not an expert on such matters myself. On the other hand, even if domains can be made secure, the same can't apply to workgroups, as there are no shared passwords that can be used to authenticate the server to the client (only the other way). -- Brian May <bam at snoopy.apana.org.au> |