VFS Implementation and user authentication

Tim Potter tpot at linuxcare.com.au
Wed Sep 6 23:58:01 GMT 2000


Brad Sahr writes:

> Jeremy Allison writes:
>
> > Can you explain your problems in more detail please?
> > What exactly do you need to do that the vfs layer is missing?
> >
> > Tim - this is why I don't want to ship vfs in 2.2.x, as
> > we still need more implementation experience with it before
> > we can freeze a first version of a vfs interface.

That's probably wise.

> When a user connects to a Samba share, it appears to me that the user is
> authenticated by smbd and then the VFS is notified 'after the fact' via a
> call to the connect() function within the VFS. I need to have a remote
> system authenticate a user before [s]he is hooked up to the VFS. I could do
> this if Samba supplied the user's password along with the already supplied
> username.

I'm thinking that there does need to be a generic authorisation
interface - perhaps something similar to PAM? I don't know
whether it should be part of the VFS or a separate interface.
The current security = domain|user|share interface could be
rewritten with this API to check it all hangs together properly.

> In the future, I need to work with LDAP. I don't see anything in the VFS
> associated with LDAP either, but there clearly is ldap support in Samba. Any
> help understanding how the VFS could hook up with LDAP would be appreciated.

This is why I think a generic auth interface should be separate
from the VFS.


Regards,

Tim.




