username rewriting option for authentication

Gerald (Jerry) Carter jerry at samba.org
Wed Dec 15 14:51:20 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marc Lanctot wrote:
| Hi,
|
| I would like to add some functionality to samba, but would first like to
| ask the developers if this would be a desired feature-- and if so, how
| to go about it.
|
| A few days ago I wrote to the samba list asking if there was a generic
| way of rewriting usernames a la apache's rewrite engine: a user requests
| username1 which gets mapped to username2 (by samba) and then
| authenticates using username2.
|
| I need this functionality because we are using winbind to authenticate
| Linux machines over an Active Directory server, and we wish to use our
| bindDN's as opposed to our sAMAccountNames.
|
| I'd like to add this functionality to samba/winbind. The proposed method
| for doing this would be like so:
|
| - add a "username rewrite = file" option to smb.conf
|
| where file is a list of rewrite rules of the form:
|
|    "requested_username = auth_username"
|
| and (if the file exists) all requested usernames would first get
| rewritten before they are used to authenticate.

Why can't you just use a username map ?  I expect your
approach would hit a wall when dealing with kerberos
tickets since you can't modify the user name.

One thing that is unclear in your mail is an example
of a sAMAccountName and the bindDN that you wish to use.






cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBwE9oIR7qMdg1EfYRAkL5AKCVNcpZm4jhM1gEQdU33JY53BQQRwCgzf++
5wxU+8owTgFly8bv1wuqBsI=
=kh9E
-----END PGP SIGNATURE-----
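
Added example, not part of the original thread and not Samba code: a minimal parser for the `requested_username = auth_username` rule file proposed in the quoted mail, applied before a name would be handed to authentication. The `#` comments, case-insensitive matching, duplicate rejection and single-pass behaviour are assumptions, and all names and sample rules are constructed.

```python
# Added illustration of the rule format proposed in the quoted mail.
# Assumptions (not from the thread): '#' starts a comment, matching is
# case-insensitive, duplicate left-hand sides are rejected, and rewriting
# is single-pass (the result of one rule is never rewritten again).

SAMPLE_RULES = """\
# constructed sample rules
jdoe = john.doe
Alice = asmith
"""


class RuleError(ValueError):
    """Raised when the rule file is malformed or ambiguous."""


def parse_rules(text):
    """Return {requested_username.lower(): auth_username}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Splits on the first '='; a requested name that itself contains
        # '=' cannot be expressed in this format.
        requested, sep, auth = (part.strip() for part in line.partition("="))
        if not sep or not requested or not auth:
            raise RuleError(f"line {lineno}: expected 'requested = auth'")
        key = requested.lower()
        if key in rules:
            # Two targets for one login name would make the identity ambiguous.
            raise RuleError(f"line {lineno}: duplicate rule for {requested!r}")
        rules[key] = auth
    return rules


def rewrite(rules, requested):
    """Apply at most one rewrite; unknown names pass through unchanged."""
    return rules.get(requested.lower(), requested)


if __name__ == "__main__":
    table = parse_rules(SAMPLE_RULES)
    for name in ("JDOE", "alice", "bob"):
        print(f"{name} -> {rewrite(table, name)}")
```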

