Security model in samba-2

David Collier-Brown davecb at Canada.Sun.COM
Thu Sep 3 14:46:42 GMT 1998

Luke Kenneth Casson Leighton wrote:
> andrej,
> you have hit on exactly the right problem.  unless the unix system you are
> using supports the concept of "domains", namely that every process, file
> and other object has a "SID" attached to it (max 28 bytes or so) instead
> of a 32 bit uid, then you cannot support multiple domains.

	And it doesn't even map into the old
	``orange book'' (military) concepts of secuity 
	categories and levels within them...

	So you can't easily map them to anything standard,
	nor interpret them as subsets of something bigger.
	Hmmn.. and that doesn't **seem** to match up with
	Kerberos, either.   I wonder if it's going to change
	in NT 5?

David Collier-Brown,  | Cherish your enemies.  They're harder to
185 Ellerslie Ave.,   | come by than friends and more motivated.
Willowdale, Ontario   | davecb at,
N2M 1Y3. 416-223-8968 |

More information about the samba-technical mailing list