PAM and LDAP
Andrew Bartlett
abartlet at pcug.org.au
Mon Apr 30 14:35:40 GMT 2001
Gerald Carter wrote:
>
> On Mon, 30 Apr 2001 08:07:49 Andrew Bartlett wrote:
> > Samba spends much of its day doing getpwnam lookups, even when it does
> > not make sense. Its probably one of those that is failing. I have
> > been
> > looking at authentication generally, and PAM in particular for a major
> > rewrite - some of which is slowly creeping into the samba tree. There
> > is no reason to do a getpwnam() call for PDC authentications, so
> > finding the problematic one shouldn't be too much of an issue.
>
> Sure there is. You have to generate a RID to fill in the
> NET_USE_INFO struct returned to the client. RID currently
> are generated from uid's (althought this will eventually be
> changed and the RID will be stored in the passdb).
>
OK, so I missed the pdb_name_to_rid() hiding away in passdb/passdb.c
Note however that there is very little reference to getpwnam in the rest
of the domain logon stuff, mostly we just lookup in smbpasswd, and
presume that means that the user exists on the system as a whole - this
might be a dangerours assumption.
Now its time for sleep...
Andrew Bartlett
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba
mailing list