[PATCH]: wbc: expand wbcAuthUserParams to
pass alternate domain\user
Gerald Carter
jerry at plainjoe.org
Wed May 20 16:00:33 GMT 2009
Stefan (metze) Metzmacher wrote:
>>> If you disallow "username map" for local NLTMv2 support, would that
>>> simplify the problem? And secondly (forgive me if this is totally
>>> off the wall), could you not just retrieve the original target name
>>> from
>>> V2Response blob? I don't have a Vista client handy to verify
>>> the empty domain name right now. So I don't know if the "NetBios
>>> Hostname" (name type 0x1) is the same as the name used when generating
>>> the V2 Hash.
>> Eliminating support for "username map" in conjunction with NTLMv2 would
>> remove the need to pass a second username through wbc. This is of
>> course a decent feature limitation.
>
> I think the username map feature should be moved to winbind in this
> case. That's the only way it makes sense at all.
Hey Metze,
This is the same as the aliases support I added a while ago
to winbindd. See the nss_map_{to,from}_alias(). The idmap_adex()
plugin has an implementaiton of those API calls IIRC.
cheers, jerry
--
=====================================================================
http://www.plainjoe.org/
"What man is a man who does not make the world better?" --Balian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090520/2030befd/signature.bin
More information about the samba-technical
mailing list