Security Identifier (SID) to User Identifier (uid) Resolution System

Steve Langasek vorlon at
Thu Dec 23 17:23:32 GMT 1999

On Fri, 24 Dec 1999, Drash, Jim [EESUS] wrote:

> I am very confused.  I just read an article that Windows 2000 has adopted
> the kerboros security model. Kerberos has been available to POSIX sytems for
> years. Why do we need another? POSIX systems don't support the concept of
> remote POSIX users? WHAT? Then how do I telnet in from one system to anther?
> How do I get X-Windows apps on one system to use my local X-server for
> display?      

Kerberos provides authentication credentials when given the name of a Kerberos
principal, and principals are usually usernames (or account names of any
sort).  Kerberos does *not* provide a mechanism for mapping that name to an
SID or UID, the numeric identifier used to provide access within the OS itself
(filesystems, etc.)

Samba uses SIDs internally, which are unique across an NT domain, but it
usually runs on top of a POSIX system.  It would be very useful to have a
uniform method for mapping between SIDs and UIDs, to provide smoother
integration between the two systems.

-Steve Langasek
postmodern programmer

More information about the samba-technical mailing list