more to come

Jean-Francois Micouleau Jean-Francois.Micouleau at utc.fr
Wed May 6 08:35:49 GMT 1998 

On Tue, 5 May 1998, Jeremy Allison wrote:

> > 1) we could add an independent database which did ACL support for us, and
> > its indeces would be based on RIDs (and rid_to_uid would have to be
> > called)
> Bleeeeechh - that's what AT&T's advanced server for UNIX
> does - have you any idea how *slow* that thing is :-) :-).

If they can't code it to be fast that's their problem. 4 months ago I
looked at supporting ACL in separate files, and it was fast.

The real point with external ACL support is a security point of view. If
people ask for external ACL because their systems don't support them
natively, then we will rethink of it.

> > 3) samba gets ported to NT.
> Well then we'd have to map RIDs to uid/gids for all the
> other Samba code to work - we just map them back at
> the lower layer :-).

no trouble here, RID and uid are considered equivalent.

I don't see why you want to port samba to NT :-)
NT admins don't understand that a free software can better than an
expensive one. I had such a guy for 2 years working on the desk next to
mine.

> > ok, there's another [technical, coding] reason why it is a better idea to
> > delay the conversion from rid to uid for a small amount of time: namely
> > that within all dce/rpc calls that reference RIDs (of which there are
> > several, and there will be several more) you will need to make a
> > rid_to_uid call.  i am unhappy that this will have to be done, when i
> > percieve that it would be better to have the API layer _below_ make the
> > rid_to_uid call.
> 
> This is a good idea - we should structure the uid->RID mapping
> so it's above the dce layer, except when the dce layer needs
> to enumerate uids/gids - then the map to RIDs should be done
> within the dce call.

if you start making exception, it's because you have badly designed what
you want to implement. 

The DCE code is based on RID. Point.
As both you agree on this, there must be a below layer doing conversion
between RID and UID, but the DCE code MUST NOT need to know about uid.

	Jean Francois

-----------------------------------------------------------
: Jean Francois Micouleau       : Email: jfm at utc.fr       :
: Universite de                 : Tel  : 03 44 23 47 78   :
: Technologie de                :  Service Informatique   :
: Compiegne              France :     Division IRNM       :
-----------------------------------------------------------

More information about the samba-technical mailing list