SID hash
Elrond
elrond at samba.org
Tue Aug 8 18:39:33 GMT 2000
On Mon, Aug 07, 2000 at 08:23:43PM -0500, Peter Samuelson wrote:
>
> [Tim Cole]
> > Oh. Heh, yes. The definition of "good hash" varies greatly
> > depending on the application :P
> >
> > Eh, in this case, for use in a hashtable, probably sorted linear for
> > the moment.
>
> Then I agree with Elrond -- just add 'em up and mod by something.
> Complex hash functions are most useful when the data is non-random in
> some way, like if it's concentrated around powers of two. In this
> case:
>
> SIDs from multiple domains are truly random, or close to it, so any
> hash function should be OK. Ignore that case, for now.
>
> SIDs in the same domain are identical but for RID, so consider the RID.
> It is not random; I think on NT it's usually a small number greater
> than 500. On Samba it's related to the UID, which in some
> organizations is very non-random; for example, I categorize my users by
> multiples of 1000, so most people are between 1000N and 1000N+50 for
> five or six values of N.
>
> So for NT RIDs, just add and mod by anything you want. If you need to
> consider Samba RIDs, it's probably best to use a prime number of
> buckets, like they always say about hashing anyway.
[...]
NT RIDs are starting at 1000. And they're incremented for
each new user, old RIDs are never reused, they're marked as
DELETED.
So, if you have a crazy nt-admin:
create a,b,c,d,
delete a,b,c
You get 4n+1002, so mod 4 is a bad idea here. ;)
So it's always a good idea, to use a prime. ;)
Samba uses UID*4+1000 for users and gid*4+1001 for groups,
and gid*4+1002 for aliases.
So mod 4 is realy bad. ;)
I hope, winbindd will soon have a good surs-functionality,
then I will conside using it in TNG. (Have to talk with Tim
about it... the surs, that will be needed, will be quite
featureful...)
Elrond
More information about the samba-technical
mailing list