Theoretical Question about Databases

Jens Skripczynski Skripi at
Sun May 14 12:47:17 GMT 2000


I wanted to ask about the new Database shemes and what they are
supposed to be implementing.
The currtent smbpasswd sheme only implements the storing of 
- Users with SIDS and Passwords
- WS of the current Domain with SIDS.

This old scheme will fail in the Future if most of the PDC Concept
shall be emulated by TNG:
- Users information will not only contain SIDS and Password but:
  - as by Usermanager
    - Full Name
    - Describtion
    - Groupmembership
    - logon Times for certain Machines...
- PDC database containig
  - the own DOMAIN SID (?)
  - the WS Sids of the DOMAIN
  - Passwords and Accounts for trusted relationship
  - SIDS for established relationships
  - ...
Is the current database implementing these issues ?
Is the LDAP port also implementing the same or are there any differences ?
What about some pluggable database, in case there are more to come, so
that any database can be plugged in for use.

2) The administrative User from NT side should not have UID 0

   I know that under all circumstances UID 0 and mode 0600 for
   smbpasswd shields the password database from misuse and
   insecurity. But in my opinion the root-account in only
   used for administrative use on the Machine such that
   installing or upgrading Programms.
   Also (if) TNG is totally behaves like a PDC people used to
   NT might not see the difference and delete certain files,
   they could not, if the do not obtain UID 0.

   In my opionion some properly code "sudo" Group, that gets
   for Administrative Use the uid 0 priviligdes would be great.


Jens Skripczynski
E-Mail: skripi at

Computers are like airconditioners: They stop working 
properly if you open windows.

More information about the samba-ntdom mailing list