Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Jeremy Allison jeremy at
Wed Dec 29 21:59:42 GMT 1999

Nicolas Williams wrote:

> Kerberos has no uid/sid like concept. Kerberos only has names
> (principals) and domains (realms).

*Precisely*. Kerberos and DCE use a name based mapping, not
a number based one.

> Let's just say that the main benefit of SIDs is that they provide some
> hierarchy where uids provide none.

Yes, but remember we are working on POSIX systems. They
have no hieratrchy of users. Yes that sucks but it isn't
a job for Samba to fix.

> The idea is to make Samba use that API and for some external agent to
> provide it.

I don't really want Samba to use that API. I'd rather
Samba only know about uid/gids and have the uglyness in
the mapping done in one place only.


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list