Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?]

Gerald Carter gcarter at valinux.com
Wed Aug 9 15:50:49 GMT 2000


Kevin Colby wrote:
> 
> I was thinking the same thing myself.
> Why should the UID have anything to do with the RID?

No one that has asked this question has provided
an alternative.  I'm open to other possibilities.

* Fact: in order to ensure uniqueness between
machine trust account RIDs and user / group RIDs,
the current Samba implementation links these to uids.

Whatever other solution may be implemented in 
the future, it will still have to maintain this 
uniqueness property.

> This should be even more of an issue if you are
> trying to move to something like winbind.

ok.  Let me think this statement through.

...winbindd contacts a PDC for domain account information.
If the PDC is the local Samba server,...where does the Samba
server store its account database?  Hmmm...maybe in a 
database file.  So the Samba server only deals with RIDs
at this point.  Any attempt to get a uid of the user 
(getpwnam()) will go through winbind which will loop back 
to the Samba PDC and will eventually result in a generated
(and allocated) uid.

Still thinking...

But in the above scenario (using NSS modules), you don't
see machine trust account passwords in /etc/passwd.  OK.
But they still exist in the mapping entries in your NSS module
backend.  Well that's ok because you don't see them...

But what if you were using something like nss_ldap....
Well the machine trust accounts would still have to exist
there because you need to allocate a uid to ensure
uniqueness among uids to various RIDs...

I see how this is cosmetically better, but I'm still 
not sure why all the fuss about adding machine$ to 
/etc/passwd?  Other than it looks messy.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
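
The uniqueness property discussed in the message above, as an added illustration that is not part of the original mail and not Samba's own code. The RID base, the multiplier, the account names and the "separate machine counter" scheme are assumptions made up for this example.

```python
# Added illustration; RID_BASE and RID_MULTIPLIER are assumed values,
# not quoted from the message.
RID_BASE = 1000        # assumed: lower RIDs reserved for well-known accounts
RID_MULTIPLIER = 2     # assumed: low bit separates user-type from group-type
USER_TYPE, GROUP_TYPE = 0, 1

def uid_to_rid(uid):
    """RID for a user or machine trust account, derived from its Unix uid."""
    return uid * RID_MULTIPLIER + RID_BASE + USER_TYPE

def gid_to_rid(gid):
    """RID for a group, derived from its Unix gid."""
    return gid * RID_MULTIPLIER + RID_BASE + GROUP_TYPE

def rid_to_unix_id(rid):
    """Inverse mapping: returns ('uid' or 'gid', numeric id)."""
    offset = rid - RID_BASE
    kind = "gid" if offset % RID_MULTIPLIER == GROUP_TYPE else "uid"
    return kind, offset // RID_MULTIPLIER

def find_rid_collisions(rid_by_name):
    """Return {rid: [names]} for every RID held by more than one account."""
    seen = {}
    for name, rid in rid_by_name.items():
        seen.setdefault(rid, []).append(name)
    return {rid: names for rid, names in seen.items() if len(names) > 1}

# Constructed sample data: users and machine$ accounts share one uid space.
PASSWD = {"alice": 500, "bob": 501, "ws01$": 502, "ws02$": 503}
GROUPS = {"staff": 500}

def derived_rids():
    """Every account, machine or not, gets its RID from its allocated uid/gid."""
    rids = {name: uid_to_rid(uid) for name, uid in PASSWD.items()}
    rids.update({"@" + name: gid_to_rid(gid) for name, gid in GROUPS.items()})
    return rids

def independent_rids():
    """Hypothetical alternative: machines numbered from their own counter."""
    rids, next_machine = {}, 500
    for name, uid in PASSWD.items():
        if name.endswith("$"):
            rids[name] = uid_to_rid(next_machine)
            next_machine += 1
        else:
            rids[name] = uid_to_rid(uid)
    return rids

if __name__ == "__main__":
    print("derived from uid/gid:", find_rid_collisions(derived_rids()))
    print("separate machine counter:", find_rid_collisions(independent_rids()))
```

Whatever backend holds the mapping (/etc/passwd, winbind, nss_ldap), the check in `find_rid_collisions` is the invariant it has to keep.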


