SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Feb 9 17:33:33 GMT 2000


On Thu, 10 Feb 2000 tridge at linuxcare.com wrote:

> > So the MSRPC daemons will have access to the user context information.
> > They have to implement authorization functionality internally because
> > the objects which most of those MSRPC daemons deal with are NOT Unix
> > kernel objects (files, pipes, Unix sockets, processes, whatever); if
> > those objects are not Unix kernel objects then switching Unix security
> > contexts (euid/egid) HAS NO EFFECT.
> 
> I am so glad to see that somebody else understands this. It is a very
> important concept.
> 
> We have to decouple the unix security context from the RPC security
> context. We have the SMB and Unix security contexts coupled in smbd,
> but we get away with that because we are dealing with objects that the
> unix kernel knows about so the unix security handling does all the

andrew, if i wasn't keeping --- just like there is in smbd --- a _direct_
one-to-one mapping between unix security context and the
what-is-considered-to-be-a-nonexistent-security-model, i would agree with
you.
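The quoted point, that objects living only inside an MSRPC daemon need an authorization check made by the daemon itself because euid/egid switching does not cover them, sketched as an added example (not code from this thread or from Samba). All type names, function names, and RID values here are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ACC_READ  0x1u
#define ACC_WRITE 0x2u

/* RPC-level caller identity, carried with the request; independent of euid/egid. */
struct rpc_ctx { uint32_t user_rid; const uint32_t *group_rids; size_t ngroups; };

/* One allow entry on a daemon-internal object. */
struct ace { uint32_t rid; uint32_t allow; };

/* An object that exists only in daemon memory; the kernel never sees it,
 * so no kernel permission check is ever applied to it. */
struct rpc_object { const char *name; const struct ace *acl; size_t nace; };

static int ctx_has_rid(const struct rpc_ctx *c, uint32_t rid)
{
    if (c->user_rid == rid) return 1;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->group_rids[i] == rid) return 1;
    return 0;
}

/* Default deny: returns 1 only if every bit in 'desired' is granted
 * by entries matching the caller's RPC context. */
int rpc_access_check(const struct rpc_ctx *c, const struct rpc_object *o, uint32_t desired)
{
    uint32_t granted = 0;
    if (c == NULL || o == NULL || desired == 0) return 0;
    for (size_t i = 0; i < o->nace; i++)
        if (ctx_has_rid(c, o->acl[i].rid))
            granted |= o->acl[i].allow;
    return (granted & desired) == desired;
}

/* Constructed sample data. */
static const uint32_t alice_groups[] = { 513 };
static const uint32_t bob_groups[]   = { 513, 512 };
const struct rpc_ctx alice = { 1001, alice_groups, 1 };
const struct rpc_ctx bob   = { 1002, bob_groups, 2 };
static const struct ace acct_acl[] = { { 513, ACC_READ }, { 512, ACC_READ | ACC_WRITE } };
const struct rpc_object acct = { "account-record", acct_acl, 2 };

int main(void)
{
    /* Exit 0 when alice is refused write and bob is allowed it. */
    return !(rpc_access_check(&alice, &acct, ACC_WRITE) == 0 &&
             rpc_access_check(&bob, &acct, ACC_WRITE) == 1);
}
```

The decision depends only on the `rpc_ctx` passed in, so it gives the same answer whatever Unix uid the daemon process happens to be running as.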


