Linkage dependencies

Simo Sorce simo.sorce at polimi.it
Wed Dec 6 13:03:47 GMT 2000


On Wed, 6 Dec 2000, Mayers, Philip J wrote:

> bdb was an example. Insert your favourite multiple-index transactional DB.

btw, bdb does not have multiple indexes :)

> IIRC, Win2K LDAP replication is a proprietary multi-master protocol (oh,
> there's a f***ing surprise). Their KDC replication runs over that, and if
> someone wants to use their current infrastructure (e.g. MIT kpropd) we
> should let them. Also, I'm certainly not going to do any work towards
> decoding MS's crap protocol anytime soon.
>
> Why should PDC/BDC replication only ever be supported when in mixed-mode? At
> least we *know* how that protocol works (even if it is crap). The Win2K one
> we don't. Also, NT4 PDC/BDC replication would allow a slow migration from
> NT4 to Samba PDCs, at which point you could switch them to native samba mode
> and enter the 21st century.

Do you mean you want to support PDC/BDC replication also in samba "native"
mode?
I know PDC/BDC rep would allow a slow migration and I think this is one
of the most wanted tools to migrate!

> I'm not proposing developing a "third samba" way. I'm proposing letting the
> backend handle that in native mode, and the NT4 protocol in NT4/Samba mixed
> mode (we do *want* to implement the Win2K protocol in Win2K/Samba mixed
> mode, but it's a pain in the backside). So, in native mode you just set up
> LDAP replication as appropriate (or SQL, or rsync, or whatever). Samba isn't
> a database replication tool, and shouldn't have to be (IMHO).

I agree!

> I wasn't proposing moving user-level restrictions out of passdb (although
> how they tie in with PAM-level restrictions is an interesting point) - I was
> asking where the appropriate place to *apply* the restrictions was. Do we
> fail authentication, or do we succeed and let Samba handle the details. I'm
> in favour of the former - a restriction is a restriction, and you should
> never let a user know why their login failed. Information leakage is bad.

I agree there also, restrictions should be handled by authentication!

ciao,
Simo.

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!