[Samba] FILE:/tmp/krb5cc_500 naming conventions
Andrew Bartlett
abartlet at samba.org
Sun Sep 10 20:57:15 UTC 2023
On Sun, 2023-09-10 at 21:51 +0100, Rowland Penny wrote:
> Yes, it probably would be done differently now, but that isn't what we
> are talking about, we are talking about, why would any user on a DC
> have the Unix ID '500'.
500 was (and is likely on some distributions) the UID assigned in
/etc/passwd to the first local user.
Other systems start at 1000, to give more room for system services.
This explains it well: https://serverfault.com/a/362946
> If I (the user rowland) run 'kinit Administrator' on a DC
> with 'idmap_ldb:use rfc2307 = yes' turned off, I get a kerberos
> ticket '/tmp/krb5cc_3000020' (note the Unix ID '3000020'). The only
> way that a user can get the Unix ID '500' on a DC, is if
> 'idmap_ldb:use rfc2307 = yes' is set in smb.conf and the user has the
> uidNumber attribute set to 500, which as I already said is also the
> RID for Administrator.
> Why would anyone give a normal user the ID '500' ?
The installer does, for the first system user.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions