SID hash

[Elrond]

On Mon, Aug 07, 2000 at 08:23:43PM -0500, Peter Samuelson wrote:
> 
> [Tim Cole]
> > Oh.  Heh, yes.  The definition of "good hash" varies greatly
> > depending on the application :P
> > 
> > Eh, in this case, for use in a hashtable, probably sorted linear for
> > the moment.
> 
> Then I agree with Elrond -- just add 'em up and mod by something.
> Complex hash functions are most useful when the data is non-random in
> some way, like if it's concentrated around powers of two.  In this
> case:
> 
> SIDs from multiple domains are truly random, or close to it, so any
> hash function should be OK.  Ignore that case, for now.
> 
> SIDs in the same domain are identical but for RID, so consider the RID.
> It is not random; I think on NT it's usually a small number greater
> than 500.  On Samba it's related to the UID, which in some
> organizations is very non-random; for example, I categorize my users by
> multiples of 1000, so most people are between 1000N and 1000N+50 for
> five or six values of N.
> 
> So for NT RIDs, just add and mod by anything you want.  If you need to
> consider Samba RIDs, it's probably best to use a prime number of
> buckets, like they always say about hashing anyway.
[...]

NT RIDs are starting at 1000. And they're incremented for
each new user, old RIDs are never reused, they're marked as
DELETED.

So, if you have a crazy nt-admin:
create a,b,c,d,
delete a,b,c

You get 4n+1002, so mod 4 is a bad idea here. ;)

So it's always a good idea, to use a prime. ;)

Samba uses UID*4+1000 for users and gid*4+1001 for groups,
and gid*4+1002 for aliases.

So mod 4 is realy bad. ;)

I hope, winbindd will soon have a good surs-functionality,
then I will conside using it in TNG. (Have to talk with Tim
about it... the surs, that will be needed, will be quite
featureful...)


    Elrond