Security Identifier (SID) to User Identifier (uid) Resolution
Luke Kenneth Casson Leighton
lkcl at samba.org
Fri Dec 24 18:44:25 GMT 1999
On Fri, 24 Dec 1999, Steve Langasek wrote:
> On Fri, 24 Dec 1999, Drash, Jim [EESUS] wrote:
> > I am very confused. I just read an article that Windows 2000 has adopted
> > the kerboros security model. Kerberos has been available to POSIX sytems for
> > years. Why do we need another? POSIX systems don't support the concept of
> > remote POSIX users? WHAT? Then how do I telnet in from one system to anther?
> > How do I get X-Windows apps on one system to use my local X-server for
> > display?
> Kerberos provides authentication credentials when given the name of a Kerberos
> principal, and principals are usually usernames (or account names of any
> sort). Kerberos does *not* provide a mechanism for mapping that name to an
> SID or UID, the numeric identifier used to provide access within the OS itself
> (filesystems, etc.)
except, of course, microsoft's xxxxing stupid modifications to the
kerberos protocol, which i am REALLY annoyed with them about because it is
so totally unneccesary.
the modifications return a PAC. the PAC contains the SID and all other
user profile information.
there already exists perfectly good microsoft proprietary protocols to
obtain user profile information which they could have used, or modified
instead of modifying an existing internet standard that has been in use
for the last ten years at least.
More information about the samba-technical