CVS update: samba/source/auth

Simo Sorce simo.sorce at xsec.it
Sun Jun 29 21:26:02 EST 2003


On Sun, 2003-06-29 at 05:39, jerry at samba.org wrote:
> Date:	Sun Jun 29 03:39:50 2003
> Author:	jerry
> 
> Update of /data/cvs/samba/source/auth
> In directory dp.samba.org:/tmp/cvs-serv16648/auth
> 
> Modified Files:
>       Tag: SAMBA_3_0
> 	auth.c auth_domain.c auth_util.c 
> Log Message:
> Here's the code to make winbindd work on a Samba DC
> to handle domain trusts.  Jeremy and I talked about this
> and it's going in as working code.  It keeps winbind clean
> and solves the trust problem with minimal changes.
> 
> To summarize, there are 2 basic cases where the deadlock would
> occur.  (1) lookuping up secondary groups for a user, and 
> (2) get[gr|pw]nam() calls that fall through the NSS layer because
> they don't exist anywhere.
> 
> o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
>   the username includes the 'winbind separator'.  
> 
> o Case #2 is handled by adding checks in winbindd to return failure
>   if we are a DC and the domain matches our own.

Jerry,
does this mean it will be more difficult to code & use winbind_passdb on
PDCs in future?

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-cvs/attachments/20030629/5d3bf010/attachment.bin


More information about the samba-cvs mailing list