CVS update: samba/source/auth
Simo Sorce
simo.sorce at xsec.it
Sun Jun 29 21:26:02 EST 2003
On Sun, 2003-06-29 at 05:39, jerry at samba.org wrote:
> Date: Sun Jun 29 03:39:50 2003
> Author: jerry
>
> Update of /data/cvs/samba/source/auth
> In directory dp.samba.org:/tmp/cvs-serv16648/auth
>
> Modified Files:
> Tag: SAMBA_3_0
> auth.c auth_domain.c auth_util.c
> Log Message:
> Here's the code to make winbindd work on a Samba DC
> to handle domain trusts. Jeremy and I talked about this
> and it's going in as working code. It keeps winbind clean
> and solves the trust problem with minimal changes.
>
> To summarize, there are 2 basic cases where the deadlock would
> occur. (1) lookuping up secondary groups for a user, and
> (2) get[gr|pw]nam() calls that fall through the NSS layer because
> they don't exist anywhere.
>
> o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
> the username includes the 'winbind separator'.
>
> o Case #2 is handled by adding checks in winbindd to return failure
> if we are a DC and the domain matches our own.
Jerry,
does this mean it will be more difficult to code & use winbind_passdb on
PDCs in future?
Simo.
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-cvs/attachments/20030629/5d3bf010/attachment.bin
More information about the samba-cvs
mailing list