[samba-tng] status
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Feb 3 17:16:46 GMT 2000
On Thu, 3 Feb 2000, Elrond wrote:
> On Thu, Feb 03, 2000 at 01:19:33PM +1100, Luke Kenneth Casson Leighton wrote:
> > ok.
> >
> > sander's doing netlogon conversion, he's just gone to sleep.
> >
> > elrond's doing lsarpc conversion, he doesn't like the msdn api format, but
> > then again, neither do any msdn developers like lsa_lookup_sids and
> > lsa_lookup_names.
> >
> > [elrond, would you be happy with a client-side "wrapper" function that
> > looks like rpc_client/cli_lsarpc.c's lsa_lookup_names?]
>
> Okay, since you really want the msdn-API here, I've now
> decided to do the following:
>
> I'll write _lsa_lookup_sids() with the msdn-API (or more
> precisely, an "on-the-wire-API"). and that one will then
> call _lsa_lookup_sids_real(), which has a nicer API:
>
> _lsa_lookup_sids_real(...,
>         uint32 num_sids, DOM_SID *sids,
>         uint32 *num_names,
>         UNISTR2 ***domain_names, DOM_SID ***dom_sids,
>         UNISTR2 ***names)
>
> So we will even have "wrappers" (this one is a bit more
> than a wrapper, it has to do real work) on the server-side.
>
> And I want the same API on the client-side too (it may be a

oh yehh, i like it.

> > i have two outstanding problems, one of which is how to make the user
> > passwords secure even though the database itself may be accessible
> > read-only (just like /etc/passwd is). i have an idea, i'll post an rfc in
> > a separate message.
>
> As I already wrote to you, why don't you put them in an
> extra database, like unix does it nowadays (/etc/shadow,
> /etc/security/passwd, etc.), and make that 700, owned by
> root.

give me a while, i'll think of some merits for that over the next few
days.