Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?]
Gerald Carter
gcarter at valinux.com
Wed Aug 9 15:50:49 GMT 2000
Kevin Colby wrote:
>
> I was thinking the same thing myself.
> Why should the UID have anything to do with the RID?
No one that has asked this question has provided
an alternative. I'm open to other possibilities.
* Fact: in order to ensure uniqueness between
machine trust account RIDs and user / group RIDs,
the current Samba implementation links these to uids.
Whatever other solution may be implemented in
the future, it will still have to maintain this
uniqueness property.
> This should be even more of an issue if you are
> trying to move to something like winbind.
ok. Let me think this statement through.
...winbindd contacts a PDC for domain account information.
If the PDC is the local Samba server,...where does the Samba
server store its account database? Hmmm...maybe in a
database file. So the Samba server only deals with RIDs
at this point. Any attempt to get a uid of the user
(getpwnam()) will go through winbind which will loop back
to the Samba PDC and will eventually result in a generated
(and allocated) uid.
Still thinking...
But in the above scenario (using NSS modules), you don't
see machine trust account passwords in /etc/passwd. OK.
But they still exist in the mapping entries in your NSS module
backend. Well that's ok because you don't see them...
But what if you were using something like nss_ldap....
Well the machine trust accounts would still have to exist
there because you need to allocate a uid to ensure
uniqueness among uids to various RIDs...
I see how this is cosmetically better, but I'm still
not sure why all the fuss about adding machine$ to
/etc/passwd? Other than it looks messy.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
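
As an added illustration (not code from this message or from Samba), the sketch below shows why deriving RIDs from Unix ids gives the uniqueness property discussed above, and why a machine trust account then needs a uid of its own. The mapping formula, its constants, and the account names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed mapping constants, for illustration only. */
#define RID_BASE       1000u
#define RID_MULTIPLIER 2u
#define RID_TYPE_GROUP 1u   /* users and machine accounts use type 0 */

struct acct { const char *name; uint32_t id; int is_group; };

/* Constructed sample: every user and machine$ entry has a distinct uid. */
static const struct acct sample[] = {
    { "alice", 1001, 0 },
    { "ws1$",  1002, 0 },   /* machine trust account */
    { "staff", 1001, 1 },   /* gid equal to alice's uid */
    { "bob",   1003, 0 },
};
/* Constructed failure case: the machine account reuses alice's uid. */
static const struct acct clash[] = { { "alice", 1001, 0 }, { "ws1$", 1001, 0 } };

/* Derive the RID from a uid or gid; the low bit separates users from groups. */
static uint32_t id_to_rid(uint32_t id, int is_group)
{
    return id * RID_MULTIPLIER + RID_BASE + (is_group ? RID_TYPE_GROUP : 0u);
}

/* Inverse mapping, valid only for RIDs produced by id_to_rid(). */
static uint32_t rid_to_id(uint32_t rid) { return (rid - RID_BASE) / RID_MULTIPLIER; }
static int rid_is_group(uint32_t rid) { return (rid - RID_BASE) % RID_MULTIPLIER == RID_TYPE_GROUP; }

/* Count pairs of accounts that would end up with the same RID. */
static int count_rid_collisions(const struct acct *a, size_t n)
{
    int collisions = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (id_to_rid(a[i].id, a[i].is_group) == id_to_rid(a[j].id, a[j].is_group))
                collisions++;
    return collisions;
}

int main(void)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        uint32_t rid = id_to_rid(sample[i].id, sample[i].is_group);
        printf("%-6s rid=%u -> id=%u group=%d\n", sample[i].name, (unsigned)rid,
               (unsigned)rid_to_id(rid), rid_is_group(rid));
    }
    printf("distinct uids: %d collisions\n", count_rid_collisions(sample, 4));
    printf("shared uid:    %d collisions\n", count_rid_collisions(clash, 2));
    return 0;
}
```

Wherever the uid is stored (/etc/passwd, an NSS backend, LDAP), the collision count stays at zero only while each machine account holds a uid no other account uses.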